This bug was fixed in the package linux - 4.17.0-9.10 --------------- linux (4.17.0-9.10) cosmic; urgency=medium
* linux: 4.17.0-9.10 -proposed tracker (LP: #1787988) * Cosmic update to 4.17.17 stable release (LP: #1787973) - x86/speculation/l1tf: Exempt zeroed PTEs from inversion - Linux 4.17.17 * Cosmic update to 4.17.16 stable release (LP: #1787972) - x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled - x86: i8259: Add missing include file - x86/platform/UV: Mark memblock related init code and data correctly - x86/mm/pti: Clear Global bit more aggressively - xen/pv: Call get_cpu_address_sizes to set x86_virt/phys_bits - x86/mm: Disable ioremap free page handling on x86-PAE - kbuild: verify that $DEPMOD is installed - crypto: ccree - fix finup - crypto: ccree - fix iv handling - crypto: ccp - Check for NULL PSP pointer at module unload - crypto: ccp - Fix command completion detection race - crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() - crypto: vmac - require a block cipher with 128-bit block size - crypto: vmac - separate tfm and request context - crypto: blkcipher - fix crash flushing dcache in error path - crypto: ablkcipher - fix crash flushing dcache in error path - crypto: skcipher - fix aligning block size in skcipher_copy_iv() - crypto: skcipher - fix crash flushing dcache in error path - ioremap: Update pgtable free interfaces with addr - x86/mm: Add TLB purge to free pmd/pte page interfaces - Linux 4.17.16 * Cosmic update to 4.17.16 stable release (LP: #1787972) // CVE-2018-9363 - Bluetooth: hidp: buffer overflow in hidp_process_report * linux-cloud-tools-common: Ensure hv-kvp-daemon.service starts before walinuxagent.service (LP: #1739107) - [Debian] hyper-v -- Ensure that hv-kvp-daemon.service starts before walinuxagent.service * Miscellaneous Ubuntu changes - [Packaging] retpoline -- fix temporary filenaming linux (4.17.0-8.9) cosmic; urgency=medium * linux: 4.17.0-8.9 -proposed tracker (LP: #1787259) * Cosmic update to v4.17.15 stable release (LP: #1787257) - parisc: Enable CONFIG_MLONGCALLS by default - parisc: Define mb() and add memory barriers to assembler unlock sequences - Mark HI and TASKLET softirq synchronous - stop_machine: Disable preemption after queueing stopper threads - sched/deadline: Update rq_clock of later_rq when pushing a task - zram: remove BD_CAP_SYNCHRONOUS_IO with writeback feature - xen/netfront: don't cache skb_shinfo() - bpf, sockmap: fix leak in bpf_tcp_sendmsg wait for mem path - bpf, sockmap: fix bpf_tcp_sendmsg sock error handling - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled - scsi: qla2xxx: Fix memory leak for allocating abort IOCB - init: rename and re-order boot_cpu_state_init() - root dentries need RCU-delayed freeing - make sure that __dentry_kill() always invalidates d_seq, unhashed or not - fix mntput/mntput race - fix __legitimize_mnt()/mntput() race - ARM: dts: imx6sx: fix irq for pcie bridge - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests - x86/speculation: Protect against userspace-userspace spectreRSB - kprobes/x86: Fix %p uses in error messages - x86/irqflags: Provide a declaration for native_save_fl - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT - x86/speculation/l1tf: Change order of offset/type in swap entry - x86/speculation/l1tf: Protect swap entries against L1TF - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation - x86/speculation/l1tf: Make sure the first page is always reserved - x86/speculation/l1tf: Add sysfs reporting for l1tf - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings - x86/speculation/l1tf: Limit swap file size to MAX_PA/2 - x86/bugs: Move the l1tf function and define pr_fmt properly - sched/smt: Update sched_smt_present at runtime - x86/smp: Provide topology_is_primary_thread() - x86/topology: Provide topology_smt_supported() - cpu/hotplug: Make bringup/teardown of smp threads symmetric - cpu/hotplug: Split do_cpu_down() - cpu/hotplug: Provide knobs to control SMT - x86/cpu: Remove the pointless CPU printout - x86/cpu/AMD: Remove the pointless detect_ht() call - x86/cpu/common: Provide detect_ht_early() - x86/cpu/topology: Provide detect_extended_topology_early() - x86/cpu/intel: Evaluate smp_num_siblings early - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info - x86/cpu/AMD: Evaluate smp_num_siblings early - x86/apic: Ignore secondary threads if nosmt=force - x86/speculation/l1tf: Extend 64bit swap file size limit - x86/cpufeatures: Add detection of L1D cache flush support. - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings - x86/speculation/l1tf: Protect PAE swap entries against L1TF - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE - Revert "x86/apic: Ignore secondary threads if nosmt=force" - cpu/hotplug: Boot HT siblings at least once - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present - x86/KVM/VMX: Add module argument for L1TF mitigation - x86/KVM/VMX: Add L1D flush algorithm - x86/KVM/VMX: Add L1D MSR based flush - x86/KVM/VMX: Add L1D flush logic - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers - x86/KVM/VMX: Add find_msr() helper function - x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required - cpu/hotplug: Online siblings when SMT control is turned on - x86/litf: Introduce vmx status variable - x86/kvm: Drop L1TF MSR list approach - x86/l1tf: Handle EPT disabled state proper - x86/kvm: Move l1tf setup function - x86/kvm: Add static key for flush always - x86/kvm: Serialize L1D flush parameter setter - x86/kvm: Allow runtime control of L1D flush - cpu/hotplug: Expose SMT control init function - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations - Documentation: Add section about CPU vulnerabilities - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content - Documentation/l1tf: Fix typos - cpu/hotplug: detect SMT disabled by BIOS - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d - x86: Don't include linux/irq.h from asm/hardirq.h - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d - x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() - Documentation/l1tf: Remove Yonah processors from not vulnerable list - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry - cpu/hotplug: Fix SMT supported evaluation - x86/speculation/l1tf: Invert all not present mappings - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert - x86/mm/pat: Make set_memory_np() L1TF safe - x86/mm/kmmio: Make the tracer robust against L1TF - tools headers: Synchronize prctl.h ABI header - tools headers: Synchronise x86 cpufeatures.h for L1TF additions - x86/microcode: Allow late microcode loading with SMT disabled - x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread - cpu/hotplug: Non-SMP machines do not make use of booted_once - x86/init: fix build with CONFIG_SWAP=n - x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present - Linux 4.17.15 - [Config] updateconfigs after v4.17.15 stable update * Cosmic update to v4.17.14 stable release (LP: #1787031) - scsi: qla2xxx: Fix unintialized List head crash - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion - scsi: qla2xxx: Fix driver unload by shutting down chip - scsi: qla2xxx: Fix ISP recovery on unload - scsi: qla2xxx: Return error when TMF returns - jfs: Fix usercopy whitelist for inline inode data - genirq: Make force irq threading setup more robust - perf/x86/intel/uncore: Fix hardcoded index of Broadwell extra PCI devices - nohz: Fix local_timer_softirq_pending() - nohz: Fix missing tick reprogram when interrupting an inline softirq - netlink: Don't shift on 64 for ngroups - ring_buffer: tracing: Inherit the tracing setting to next ring buffer - i2c: imx: Fix reinit_completion() use - Btrfs: fix file data corruption after cloning a range and fsync - Partially revert "block: fail op_is_write() requests to read-only partitions" - xfs: validate cached inodes are free when allocated - Linux 4.17.14 * Consider enabling CONFIG_NETWORK_PHY_TIMESTAMPING (LP: #1785816) - [Config] Enable timestamping in network PHY devices * Cosmic update to 4.17.13 stable release (LP: #1785710) - bonding: avoid lockdep confusion in bond_get_stats() - inet: frag: enforce memory limits earlier - ipv4: frags: handle possible skb truesize change - net: dsa: Do not suspend/resume closed slave_dev - netlink: Fix spectre v1 gadget in netlink_create() - net: stmmac: Fix WoL for PCI-based setups - rxrpc: Fix user call ID check in rxrpc_service_prealloc_one - net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager - net/mlx5e: Set port trust mode to PCP as default - net/mlx5e: IPoIB, Set the netdevice sw mtu in ipoib enhanced flow - squashfs: more metadata hardening - squashfs: more metadata hardenings - can: ems_usb: Fix memory leak on ems_usb_disconnect() - net: socket: fix potential spectre v1 gadget in socketcall - net: socket: Fix potential spectre v1 gadget in sock_is_registered - virtio_balloon: fix another race between migration and ballooning - x86/efi: Access EFI MMIO data as unencrypted when SEV is active - x86/apic: Future-proof the TSC_DEADLINE quirk for SKX - x86/entry/64: Remove %ebx handling from error_entry/exit - kvm: x86: vmx: fix vpid leak - audit: fix potential null dereference 'context->module.name' - ipc/shm.c add ->pagesize function to shm_vm_ops - userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails - iwlwifi: add more card IDs for 9000 series - brcmfmac: fix regression in parsing NVRAM for multiple devices - RDMA/uverbs: Expand primary and alt AV port checks - crypto: padlock-aes - Fix Nano workaround data corruption - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats - drm/atomic: Check old_plane_state->crtc in drm_atomic_helper_async_check() - drm/atomic: Initialize variables in drm_atomic_helper_async_check() to make gcc happy - scsi: sg: fix minor memory leak in error path - Linux 4.17.13 * CacheFiles: Error: Overlong wait for old active object to go away. (LP: #1776254) - cachefiles: Fix missing clear of the CACHEFILES_OBJECT_ACTIVE flag - cachefiles: Wait rather than BUG'ing on "Unexpected object collision" * fscache cookie refcount updated incorrectly during fscache object allocation (LP: #1776277) // fscache cookie refcount updated incorrectly during fscache object allocation (LP: #1776277) - fscache: Fix reference overput in fscache_attach_object() error handling * FS-Cache: Assertion failed: FS-Cache: 6 == 5 is false (LP: #1774336) - Revert "UBUNTU: SAUCE: CacheFiles: fix a read_waiter/read_copier race" - fscache: Allow cancelled operations to be enqueued - cachefiles: Fix refcounting bug in backing-file read monitoring * Miscellaneous Ubuntu changes - [Config] CONFIG_SYSCTL_SYSCALL=n -- Thadeu Lima de Souza Cascardo <casca...@canonical.com> Mon, 20 Aug 2018 14:37:36 -0300 ** Changed in: linux (Ubuntu) Status: Triaged => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-9363 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1776277 Title: fscache cookie refcount updated incorrectly during fscache object allocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1776277/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs