This bug was fixed in the package linux - 4.4.0-130.156 --------------- linux (4.4.0-130.156) xenial; urgency=medium
* linux: 4.4.0-130.156 -proposed tracker (LP: #1776822) * CVE-2018-3665 (x86) - x86/fpu: Fix early FPU command-line parsing - x86/fpu: Fix 'no387' regression - x86/fpu: Disable MPX when eagerfpu is off - x86/fpu: Default eagerfpu=on on all CPUs - x86/fpu: Fix FNSAVE usage in eagerfpu mode - x86/fpu: Fix math emulation in eager fpu mode - x86/fpu: Fix eager-FPU handling on legacy FPU machines linux (4.4.0-129.155) xenial; urgency=medium * linux: 4.4.0-129.155 -proposed tracker (LP: #1776352) * Xenial update to 4.4.134 stable release (LP: #1775771) - MIPS: ptrace: Expose FIR register through FP regset - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" - affs_lookup(): close a race with affs_remove_link() - aio: fix io_destroy(2) vs. lookup_ioctx() race - ALSA: timer: Fix pause event notification - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register - libata: Blacklist some Sandisk SSDs for NCQ - libata: blacklist Micron 500IT SSD with MU01 firmware - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent - Revert "ipc/shm: Fix shmat mmap nil-page protection" - ipc/shm: fix shmat() nil address after round-down when remapping - kasan: fix memory hotplug during boot - kernel/sys.c: fix potential Spectre v1 issue - kernel/signal.c: avoid undefined behaviour in kill_something_info - xfs: remove racy hasattr check from attr ops - do d_instantiate/unlock_new_inode combinations safely - firewire-ohci: work around oversized DMA reads on JMicron controllers - NFSv4: always set NFS_LOCK_LOST when a lock is lost. - ALSA: hda - Use IS_REACHABLE() for dependency on input - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account - PCI: Add function 1 DMA alias quirk for Marvell 9128 - tools lib traceevent: Simplify pointer print logic and fix %pF - perf callchain: Fix attr.sample_max_stack setting - tools lib traceevent: Fix get_field_str() for dynamic strings - dm thin: fix documentation relative to low water mark threshold - nfs: Do not convert nfs_idmap_cache_timeout to jiffies - watchdog: sp5100_tco: Fix watchdog disable bit - kconfig: Don't leak main menus during parsing - kconfig: Fix automatic menu creation mem leak - kconfig: Fix expr_free() E_NOT leak - ipmi/powernv: Fix error return code in ipmi_powernv_probe() - Btrfs: set plug for fsync - btrfs: Fix out of bounds access in btrfs_search_slot - Btrfs: fix scrub to repair raid6 corruption - scsi: fas216: fix sense buffer initialization - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes - powerpc/numa: Ensure nodes initialized for hotplug - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure - ntb_transport: Fix bug with max_mw_size parameter - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute - ocfs2: return error when we attempt to access a dirty bh in jbd2 - mm/mempolicy: fix the check of nodemask from user - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages - asm-generic: provide generic_pmdp_establish() - mm: pin address_space before dereferencing it while isolating an LRU page - IB/ipoib: Fix for potential no-carrier state - x86/power: Fix swsusp_arch_resume prototype - firmware: dmi_scan: Fix handling of empty DMI strings - ACPI: processor_perflib: Do not send _PPC change notification if not ready - MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS - xen-netfront: Fix race between device setup and open - xen/grant-table: Use put_page instead of free_page - RDS: IB: Fix null pointer issue - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics - proc: fix /proc/*/map_files lookup - cifs: silence compiler warnings showing up with gcc-8.0.0 - bcache: properly set task state in bch_writeback_thread() - bcache: fix for allocator and register thread race - bcache: fix for data collapse after re-attaching an attached device - bcache: return attach error when no cache set exist - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames - locking/qspinlock: Ensure node->count is updated before initialising node - irqchip/gic-v3: Change pr_debug message to pr_devel - scsi: ufs: Enable quirk to ignore sending WRITE_SAME command - scsi: bnx2fc: Fix check in SCSI completion handler for timed out request - scsi: sym53c8xx_2: iterator underflow in sym_getsync() - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() - scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() - ARC: Fix malformed ARC_EMUL_UNALIGNED default - usb: gadget: f_uac2: fix bFirstInterface in composite gadget - usb: gadget: fsl_udc_core: fix ep valid checks - usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() - selftests: memfd: add config fragment for fuse - scsi: storvsc: Increase cmd_per_lun for higher speed devices - scsi: aacraid: fix shutdown crash when init fails - scsi: qla4xxx: skip error recovery in case of register disconnect. - ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt - ARM: OMAP3: Fix prm wake interrupt for resume - ARM: OMAP1: clock: Fix debugfs_create_*() usage - NFC: llcp: Limit size of SDP URI - mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 - md raid10: fix NULL deference in handle_write_completed() - drm/exynos: fix comparison to bitshift when dealing with a mask - usb: musb: fix enumeration after resume - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() - md: raid5: avoid string overflow warning - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access - s390/cio: fix return code after missing interrupt - s390/cio: clear timer when terminating driver I/O - ARM: OMAP: Fix dmtimer init for omap1 - smsc75xx: fix smsc75xx_set_features() - regulatory: add NUL to request alpha2 - locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations - media: dmxdev: fix error code for invalid ioctls - md/raid1: fix NULL pointer dereference - batman-adv: fix packet checksum in receive path - batman-adv: invalidate checksum on fragment reassembly - netfilter: ebtables: convert BUG_ONs to WARN_ONs - nvme-pci: Fix nvme queue cleanup if IRQ setup fails - clocksource/drivers/fsl_ftm_timer: Fix error return checking - r8152: fix tx packets accounting - virtio-gpu: fix ioctl and expose the fixed status to userspace. - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 - bcache: fix kcrashes with fio in RAID5 backend dev - sit: fix IFLA_MTU ignored on NEWLINK - gianfar: Fix Rx byte accounting for ndev stats - net/tcp/illinois: replace broken algorithm reference link - xen/pirq: fix error path cleanup when binding MSIs - Btrfs: send, fix issuing write op when processing hole in no data mode - selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable - KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing - watchdog: f71808e_wdt: Fix magic close handling - e1000e: Fix check_for_link return value with autoneg off - e1000e: allocate ring descriptors with dma_zalloc_coherent - usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers - scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM - scsi: sd: Keep disk read-only when re-reading partition - fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). - xen: xenbus: use put_device() instead of kfree() - USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM - netfilter: ebtables: fix erroneous reject of last rule - bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). - workqueue: use put_device() instead of kfree() - ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu - sunvnet: does not support GSO for sctp - net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off - batman-adv: fix header size check in batadv_dbg_arp() - vti4: Don't count header length twice on tunnel setup - vti4: Don't override MTU passed on link creation via IFLA_MTU - perf/cgroup: Fix child event counting bug - RDMA/ucma: Correct option size check using optlen - mm/mempolicy.c: avoid use uninitialized preferred_node - selftests: ftrace: Add probe event argument syntax testcase - selftests: ftrace: Add a testcase for string type with kprobe_event - selftests: ftrace: Add a testcase for probepoint - batman-adv: fix multicast-via-unicast transmission with AP isolation - batman-adv: fix packet loss for broadcasted DHCP packets to a server - ARM: 8748/1: mm: Define vdso_start, vdso_end as array - net: qmi_wwan: add BroadMobi BM806U 2020:2033 - net/usb/qmi_wwan.c: Add USB id for lt4120 modem - net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 - llc: properly handle dev_queue_xmit() return value - mm/kmemleak.c: wait for scan completion before disabling free - net: Fix untag for vlan packets without ethernet header - net: mvneta: fix enable of all initialized RXQs - sh: fix debug trap failure to process signals before return to user - x86/pgtable: Don't set huge PUD/PMD on non-leaf entries - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table - swap: divide-by-zero when zero length swap file on ssd - sr: get/drop reference to device in revalidate and check_events - Force log to disk before reading the AGF during a fstrim - cpufreq: CPPC: Initialize shared perf capabilities of CPUs - scsi: aacraid: Insure command thread is not recursively stopped - dp83640: Ensure against premature access to PHY registers after reset - mm/ksm: fix interaction with THP - mm: fix races between address_space dereference and free in page_evicatable - Btrfs: bail out on error during replay_dir_deletes - Btrfs: fix NULL pointer dereference in log_dir_items - btrfs: Fix possible softlock on single core machines - ocfs2/dlm: don't handle migrate lockres if already in shutdown - sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning - KVM: VMX: raise internal error for exception during invalid protected mode state - fscache: Fix hanging wait on page discarded by writeback - sparc64: Make atomic_xchg() an inline function rather than a macro. - rtc: snvs: Fix usage of snvs_rtc_enable - net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() - Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB - btrfs: tests/qgroup: Fix wrong tree backref level - Btrfs: fix copy_items() return value when logging an inode - btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers - xen/acpi: off by one in read_acpi_id() - ACPI: acpi_pad: Fix memory leak in power saving threads - powerpc/mpic: Check if cpu_possible() in mpic_physmask() - m68k: set dma and coherent masks for platform FEC ethernets - parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode - hwmon: (nct6775) Fix writing pwmX_mode - rtc: hctosys: Ensure system time doesn't overflow time_t - powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer - powerpc/perf: Fix kernel address leak via sampling registers - tools/thermal: tmon: fix for segfault - selftests: Print the test we're running to /dev/kmsg - net/mlx5: Protect from command bit overflow - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) - ima: Fix Kconfig to select TPM 2.0 CRB interface - [Config] CONFIG_TCG_CRB=y - ima: Fallback to the builtin hash algorithm - arm: dts: socfpga: fix GIC PPI warning - usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields - cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path - clk: Don't show the incorrect clock phase - zorro: Set up z->dev.dma_mask for the DMA API - bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set - ACPICA: Events: add a return on failure from acpi_hw_register_read - ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c - i2c: mv64xxx: Apply errata delay only in standard mode - KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use - xhci: zero usb device slot_id member when disabling and freeing a xhci slot - MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset - PCI: Restore config space on runtime resume despite being unbound - ipmi_ssif: Fix kernel panic at msg_done_handler - usb: dwc2: Fix interval type issue - usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS - usb: gadget: ffs: Execute copy_to_user() with USER_DS set - powerpc: Add missing prototype for arch_irq_work_raise() - ASoC: topology: create TLV data for dapm widgets - perf/core: Fix perf_output_read_group() - hwmon: (pmbus/max8688) Accept negative page register values - hwmon: (pmbus/adm1275) Accept negative page register values - cdrom: do not call check_disk_change() inside cdrom_open() - gfs2: Fix fallocate chunk size - usb: gadget: udc: change comparison to bitshift when dealing with a mask - usb: gadget: composite: fix incorrect handling of OS desc requests - x86/devicetree: Initialize device tree before using it - x86/devicetree: Fix device IRQ settings in DT - ALSA: vmaster: Propagate slave error - media: cx23885: Override 888 ImpactVCBe crystal frequency - media: cx23885: Set subdev host data to clk_freq pointer - media: s3c-camif: fix out-of-bounds array access - dmaengine: pl330: fix a race condition in case of threaded irqs - media: em28xx: USB bulk packet size fix - clk: rockchip: Prevent calculating mmc phase if clock rate is zero - enic: enable rq before updating rq descriptors - hwrng: stm32 - add reset during probe - staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr - rtc: tx4939: avoid unintended sign extension on a 24 bit shift - serial: xuartps: Fix out-of-bounds access through DT alias - serial: samsung: Fix out-of-bounds access through serial port index - serial: mxs-auart: Fix out-of-bounds access through serial port index - serial: imx: Fix out-of-bounds access through serial port index - serial: fsl_lpuart: Fix out-of-bounds access through DT alias - serial: arc_uart: Fix out-of-bounds access through DT alias - PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 - udf: Provide saner default for invalid uid / gid - media: cx25821: prevent out-of-bounds read on array card - clk: samsung: s3c2410: Fix PLL rates - clk: samsung: exynos5260: Fix PLL rates - clk: samsung: exynos5433: Fix PLL rates - clk: samsung: exynos5250: Fix PLL rates - clk: samsung: exynos3250: Fix PLL rates - crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss - audit: return on memory error to avoid null pointer dereference - MIPS: Octeon: Fix logging messages with spurious periods after newlines - drm/rockchip: Respect page offset for PRIME mmap calls - x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified - perf tests: Use arch__compare_symbol_names to compare symbols - perf report: Fix memory corruption in --branch-history mode --branch-history - selftests/net: fixes psock_fanout eBPF test case - netlabel: If PF_INET6, check sk_buff ip header version - scsi: lpfc: Fix issue_lip if link is disabled - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing - scsi: lpfc: Fix frequency of Release WQE CQEs - regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' - ASoC: samsung: i2s: Ensure the RCLK rate is properly determined - Bluetooth: btusb: Add device ID for RTL8822BE - kdb: make "mdr" command repeat - s390/ftrace: use expoline for indirect branches - Linux 4.4.134 * Support SocketCAN over USB on Dell IoT 300x Gateways (LP: #1774563) - [Config] CONFIG_CAN_HMS_USB=m - SAUCE: (no-up) Support IXXAT USB SocketCAN device - i386/amd64 -- Add new module ixx_usb * Ubuntu 16.04 (4.4.0-127) hangs on boot with virtio-scsi MQ enabled (LP: #1775235) - SAUCE: (no-up) virtio-scsi: Increment reqs counter. * register on binfmt_misc may overflow and crash the system (LP: #1775856) - fs/binfmt_misc.c: do not allow offset overflow * The kernel NULL pointer dereference happens when accessing the task_struct by task_cpu() in function cpuacct_charge() (LP: #1775326) - sched/cpuacct: Simplify the cpuacct code * Xenial update to 4.4.133 stable release (LP: #1775477) - 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() - bridge: check iface upper dev when setting master via ioctl - dccp: fix tasklet usage - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg - llc: better deal with too small mtu - net: ethernet: sun: niu set correct packet size in skb - net/mlx4_en: Verify coalescing parameters are in range - net_sched: fq: take care of throttled flows before reuse - net: support compat 64-bit time in {s,g}etsockopt - openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found - qmi_wwan: do not steal interfaces from class drivers - r8169: fix powering up RTL8168h - sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr - sctp: use the old asoc when making the cookie-ack chunk in dupcook_d - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). - bonding: do not allow rlb updates to invalid mac - tcp: ignore Fast Open on repair mode - sctp: fix the issue that the cookie-ack with auth can't get processed - sctp: delay the authentication for the duplicated cookie-echo chunk - ALSA: timer: Call notifier in the same spinlock - audit: move calcs after alloc and check when logging set loginuid - arm64: introduce mov_q macro to move a constant into a 64-bit register - [Config] Add CONFIG_ARM64_ERRATUM_1024718=y - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 - futex: Remove unnecessary warning from get_futex_key - futex: Remove duplicated code and fix undefined behaviour - xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) - lockd: lost rollback of set_grace_period() in lockd_down_net() - Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap" - l2tp: revert "l2tp: fix missing print session offset info" - pipe: cap initial pipe capacity according to pipe-max-size limit - futex: futex_wake_op, fix sign_extend32 sign bits - kernel/exit.c: avoid undefined behaviour when calling wait4() - usbip: usbip_host: refine probe and disconnect debug msgs to be useful - usbip: usbip_host: delete device from busid_table after rebind - usbip: usbip_host: run rebind from exit when module is removed - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors - usbip: usbip_host: fix bad unlock balance during stub_probe() - ALSA: usb: mixer: volume quirk for CM102-A+/102S+ - ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist - ALSA: control: fix a redundant-copy issue - spi: pxa2xx: Allow 64-bit DMA - powerpc/powernv: panic() on OPAL < V3 - powerpc/powernv: Remove OPALv2 firmware define and references - powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL - cpuidle: coupled: remove unused define cpuidle_coupled_lock - powerpc: Don't preempt_disable() in show_cpuinfo() - vmscan: do not force-scan file lru if its absolute size is small - mm: filemap: remove redundant code in do_read_cache_page - mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read - signals: avoid unnecessary taking of sighand->siglock - tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} - proc read mm's {arg,env}_{start,end} with mmap semaphore taken. - powerpc/powernv: Fix NVRAM sleep in invalid context when crashing - mm: don't allow deferred pages with NEED_PER_CPU_KM - s390/qdio: fix access to uninitialized qdio_q fields - s390/qdio: don't release memory in qdio_setup_irq() - s390: remove indirect branch from do_softirq_own_stack - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode - ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr - tick/broadcast: Use for_each_cpu() specially on UP kernels - ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed - ARM: 8770/1: kprobes: Prohibit probing on optimized_callback - ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions - Btrfs: fix xattr loss after power failure - btrfs: fix crash when trying to resume balance without the resume flag - btrfs: fix reading stale metadata blocks after degraded raid1 mounts - net: test tailroom before appending to linear skb - packet: in packet_snd start writing at link layer allocation - sock_diag: fix use-after-free read in __sk_free - tcp: purge write queue in tcp_connect_init() - ext2: fix a block leak - s390: add assembler macros for CPU alternatives - s390: move expoline assembler macros to a header - s390/lib: use expoline for indirect branches - s390/kernel: use expoline for indirect branches - s390: move spectre sysfs attribute code - s390: extend expoline to BC instructions - s390: use expoline thunks in the BPF JIT - scsi: libsas: defer ata device eh commands to libata - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() - scsi: zfcp: fix infinite iteration on ERP ready list - dmaengine: ensure dmaengine helpers check valid callback - time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting - gpio: rcar: Add Runtime PM handling for interrupts - cfg80211: limit wiphy names to 128 bytes - hfsplus: stop workqueue when fill_super() failed - x86/kexec: Avoid double free_page() upon do_kexec_load() failure - Linux 4.4.133 * vmxnet3: update to latest ToT (LP: #1768143) - vmxnet3: avoid xmit reset due to a race in vmxnet3 - vmxnet3: use correct flag to indicate LRO feature - vmxnet3: fix incorrect dereference when rxvlan is disabled * Prevent speculation on user controlled pointer (LP: #1775137) - x86: reorganize SMAP handling in user space accesses - x86: fix SMAP in 32-bit environments - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec * Xenial update to 4.4.132 stable release (LP: #1774173) - perf/core: Fix the perf_cpu_time_max_percent check - bpf: map_get_next_key to return first key on NULL - percpu: include linux/sched.h for cond_resched() - mac80211: allow not sending MIC up from driver for HW crypto - mac80211: allow same PN for AMSDU sub-frames - mac80211: Add RX flag to indicate ICV stripped - ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode - ath10k: rebuild crypto header in rx data frames - gpmi-nand: Handle ECC Errors in erased pages - USB: serial: option: Add support for Quectel EP06 - ALSA: pcm: Check PCM state at xfern compat ioctl - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() - ALSA: aloop: Mark paused device as inactive - ALSA: aloop: Add missing cable lock to ctl API callbacks - tracepoint: Do not warn on ENOMEM - Input: leds - fix out of bound access - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro - xfs: prevent creating negative-sized file via INSERT_RANGE - RDMA/ucma: Allow resolving address w/o specifying source address - RDMA/mlx5: Protect from shift operand overflow - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 - IB/mlx5: Use unlimited rate when static rate is not supported - drm/vmwgfx: Fix a buffer object leak - test_firmware: fix setting old custom fw path back on exit, second try - USB: serial: visor: handle potential invalid device configuration - USB: Accept bulk endpoints with 1024-byte maxpacket - USB: serial: option: reimplement interface masking - USB: serial: option: adding support for ublox R410M - usb: musb: host: fix potential NULL pointer dereference - ipvs: fix rtnl_lock lockups caused by start_sync_thread - crypto: af_alg - fix possible uninit-value in alg_bind() - netlink: fix uninit-value in netlink_sendmsg - net: fix rtnh_ok() - net: initialize skb->peeked when cloning - net: fix uninit-value in __hw_addr_add_ex() - dccp: initialize ireq->ir_mark - soreuseport: initialise timewait reuseport field - perf: Remove superfluous allocation error check - tcp: fix TCP_REPAIR_QUEUE bound checking - bdi: Fix oops in wb_workfn() - f2fs: fix a dead loop in f2fs_fiemap() - xfrm_user: fix return value from xfrm_user_rcv_msg - rfkill: gpio: fix memory leak in probe error path - libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs - tracing: Fix regex_match_front() to not over compare the test string - can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() - net: atm: Fix potential Spectre v1 - atm: zatm: Fix potential Spectre v1 - Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" - tracing/uprobe_event: Fix strncpy corner case - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* - perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr - perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() - Linux 4.4.132 * Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181) - Documentation: Document array_index_nospec - array_index_nospec: Sanitize speculative array de-references - x86: Implement array_index_mask_nospec - x86: Introduce barrier_nospec - x86/get_user: Use pointer masking to limit speculation - x86/syscall: Sanitize syscall table de-references under speculation - vfs, fdtable: Prevent bounds-check bypass via speculative execution - nl80211: Sanitize array index in parse_txq_params - x86/spectre: Report get_user mitigation for spectre_v1 - x86/kvm: Update spectre-v1 mitigation - nospec: Allow index argument to have const-qualified type - x86/syscall: Sanitize syscall table de-references under speculation fix - mpls, nospec: Sanitize array index in mpls_label_ok() - nospec: Include <asm/barrier.h> dependency - nospec: Move array_index_nospec() parameter checking into separate macro - nospec: Kill array_index_nospec_mask_check() - ALSA: seq: oss: Hardening for potential Spectre v1 - ALSA: hda: Hardening for potential Spectre v1 - SAUCE: Replace osb() calls with array_index_nospec() - SAUCE: Rename osb() to barrier_nospec() - SAUCE: bpf: Use barrier_nospec() instead of osb() * CVE-2018-3639 (x86) - KVM: x86: remove magic number with enum cpuid_leafs - SAUCE: x86/cpufeatures: Move CPUID_7_EDX CPUID bits to word 18 - SAUCE: x86: Remove double include - SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto - SAUCE: x86/speculation: Query individual feature flags when reloading microcode * cpum_sf: ensure sample freq is non-zero (LP: #1772593) - s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero * ELANPAD ELAN0612 does not work, patch available (LP: #1773509) - SAUCE: Input: elan_i2c - add ELAN0612 to the ACPI table * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336) - SAUCE: CacheFiles: fix a read_waiter/read_copier race * Kernel 4.4 NBD size overflow with image size exceeding 1TB (LP: #1772575) - nbd: use loff_t for blocksize and nbd_set_size args - nbd: fix 64-bit division * 4.4.0-127.153 generates many "sit: non-ECT" messages (LP: #1772775) - Revert "sit: reload iphdr in ipip6_rcv" * Creation of IMA file hashes fails when appraisal is enabled (LP: #1771826) - Revert "ima: limit file hash setting by user to fix and log modes" * Setting ipv6.disable=1 prevents both IPv4 and IPv6 socket opening for VXLAN tunnels (LP: #1771301) - vxlan: correctly handle ipv6.disable module parameter * CVE-2018-7755 - SAUCE: floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl * Support UVC1.5 Camera for Xenial (LP: #1773905) - uvcvideo: Enable UVC 1.5 device detection * Kernel produces empty lines in /proc/PID/status (LP: #1772671) - SAUCE: seccomp: Remove double newline sequence in /proc/PID/status * rfi-flush: Switch to new linear fallback flush (LP: #1744173) - powerpc/64s: Improve RFI L1-D cache flush fallback - SAUCE: rfi-flush: Make it possible to call setup_rfi_flush() again -- Stefan Bader <stefan.ba...@canonical.com> Thu, 14 Jun 2018 06:53:41 +0200 ** Changed in: linux (Ubuntu Xenial) Status: Confirmed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3665 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7755 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1776822 Title: linux: 4.4.0-130.156 -proposed tracker To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1776822/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs