This bug was fixed in the package linux-kvm - 5.0.0-1015.16 --------------- linux-kvm (5.0.0-1015.16) disco; urgency=medium
* disco/linux-kvm: 5.0.0-1015.16 -proposed tracker (LP: #1840810) [ Ubuntu: 5.0.0-27.28 ] * disco/linux: 5.0.0-27.28 -proposed tracker (LP: #1840816) * [Potential Regression] System crashes when running ftrace test in ubuntu_kernel_selftests (LP: #1840750) - x86/kprobes: Set instruction page as executable linux-kvm (5.0.0-1014.15) disco; urgency=medium * disco/linux-kvm: 5.0.0-1014.15 -proposed tracker (LP: #1839965) [ Ubuntu: 5.0.0-26.27 ] * disco/linux: 5.0.0-26.27 -proposed tracker (LP: #1839972) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts * alsa/hdmi: add icelake hdmi audio support for a Dell machine (LP: #1836916) - ALSA: hda: hdmi - add Icelake support - ALSA: hda/hdmi - Remove duplicated define - ALSA: hda/hdmi - Fix i915 reverse port/pin mapping * input/mouse: alps trackpoint-only device doesn't work (LP: #1836752) - Input: alps - don't handle ALPS cs19 trackpoint-only device - Input: alps - fix a mismatch between a condition check and its comment * [18.04 FEAT] Enhanced hardware support (LP: #1836857) - s390: report new CPU capabilities - s390: add alignment hints to vector load and store * System does not auto detect disconnection of external monitor (LP: #1835001) - drm/i915: Add support for retrying hotplug - drm/i915: Enable hotplug retry * [18.04 FEAT] Enhanced CPU-MF hardware counters - kernel part (LP: #1836860) - s390/cpum_cf: Add support for CPU-MF SVN 6 - s390/cpumf: Add extended counter set definitions for model 8561 and 8562 * EeePC 1005px laptop backlight is off after system boot up (LP: #1837117) - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi * br_netfilter: namespace sysctl operations (LP: #1836910) - netfilter: bridge: port sysctls to use brnf_net - netfilter: bridge: namespace bridge netfilter sysctls - netfilter: bridge: prevent UAF in brnf_exit_net() * ideapad_laptop disables WiFi/BT radios on Lenovo Y540 (LP: #1837136) - platform/x86: ideapad-laptop: Remove no_hw_rfkill_list * shiftfs: allow overlayfs (LP: #1838677) - SAUCE: shiftfs: enable overlayfs on shiftfs * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665) - bcache: never writeback a discard operation - bcache: improve bcache_reboot() - SAUCE: bcache: fix deadlock in bcache_allocator * Regressions in CMA allocation rework (LP: #1839395) - dma-contiguous: do not overwrite align in dma_alloc_contiguous() - dma-contiguous: page-align the size in dma_free_contiguous() * CVE-2019-3900 - vhost: introduce vhost_exceeds_weight() - vhost_net: fix possible infinite loop - vhost: vsock: add weight support - vhost: scsi: add weight support * Disco update: 5.0.21 upstream stable release (LP: #1837518) - bonding/802.3ad: fix slave link initialization transition states - cxgb4: offload VLAN flows regardless of VLAN ethtype - inet: switch IP ID generator to siphash - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address - ipv6: Fix redirect with VRF - llc: fix skb leak in llc_build_and_send_ui_pkt() - mlxsw: spectrum_acl: Avoid warning after identical rules insertion - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT - net: fec: fix the clk mismatch in failed_reset path - net-gro: fix use-after-free read in napi_gro_frags() - net: mvneta: Fix err code path of probe - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value - net: phy: marvell10g: report if the PHY fails to boot firmware - net: sched: don't use tc_action->order during action dump - net: stmmac: fix reset gpio free missing - r8169: fix MAC address being lost in PCI D3 - usbnet: fix kernel crash after disconnect - net/mlx5: Avoid double free in fs init error unwinding path - tipc: Avoid copying bytes beyond the supplied data - net/mlx5: Allocate root ns memory using kzalloc to match kfree - net/mlx5e: Disable rxhash when CQE compress is enabled - net: stmmac: fix ethtool flow control not able to get/set - net: stmmac: dma channel control register need to be init first - bnxt_en: Fix aggregation buffer leak under OOM condition. - bnxt_en: Fix possible BUG() condition when calling pci_disable_msix(). - bnxt_en: Reduce memory usage when running in kdump kernel. - net/tls: fix state removal with feature flags off - net/tls: don't ignore netdev notifications if no TLS features - cxgb4: Revert "cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size" - net: correct zerocopy refcnt with udp MSG_MORE - crypto: vmx - ghash: do nosimd fallback manually - xen/pciback: Don't disable PCI_COMMAND on PCI device reset. - Revert "tipc: fix modprobe tipc failed after switch order of device registration" - tipc: fix modprobe tipc failed after switch order of device registration - Linux 5.0.21 * Disco update: 5.0.20 upstream stable release (LP: #1837517) - x86: Hide the int3_emulate_call/jmp functions from UML - ext4: do not delete unlinked inode from orphan list on failed truncate - ext4: wait for outstanding dio during truncate in nojournal mode - KVM: x86: fix return value for reserved EFER - bio: fix improper use of smp_mb__before_atomic() - sbitmap: fix improper use of smp_mb__before_atomic() - Revert "scsi: sd: Keep disk read-only when re-reading partition" - crypto: hash - fix incorrect HASH_MAX_DESCSIZE - crypto: vmx - CTR: always increment IV as quadword - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem - kvm: svm/avic: fix off-by-one in checking host APIC ID - libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead - arm64/kernel: kaslr: reduce module randomization range to 2 GB - arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable - gfs2: Fix sign extension bug in gfs2_update_stats - btrfs: don't double unlock on error in btrfs_punch_hole - Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path - Btrfs: avoid fallback to transaction commit during fsync of files with holes - Btrfs: fix race between ranged fsync and writeback of adjacent ranges - btrfs: sysfs: Fix error path kobject memory leak - btrfs: sysfs: don't leak memory when failing add fsid - fbdev: fix divide error in fb_var_to_videomode - cifs: fix credits leak for SMB1 oplock breaks - arm64: errata: Add workaround for Cortex-A76 erratum #1463225 - [Config] Add CONFIG_ARM64_ERRATUM_1463225 - btrfs: honor path->skip_locking in backref code - ovl: relax WARN_ON() for overlapping layers use case - fbdev: fix WARNING in __alloc_pages_nodemask bug - media: cpia2: Fix use-after-free in cpia2_exit - media: serial_ir: Fix use-after-free in serial_ir_init_module - media: vb2: add waiting_in_dqbuf flag - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit - bpf: devmap: fix use-after-free Read in __dev_map_entry_free - batman-adv: mcast: fix multicast tt/tvlv worker locking - at76c50x-usb: Don't register led_trigger if usb_register_driver failed - acct_on(): don't mess with freeze protection - netfilter: ctnetlink: Resolve conntrack L3-protocol flush regression - Revert "btrfs: Honour FITRIM range constraints during free space trim" - gfs2: Fix lru_count going negative - cxgb4: Fix error path in cxgb4_init_module - afs: Fix getting the afs.fid xattr - NFS: make nfs_match_client killable - gfs2: fix race between gfs2_freeze_func and unmount - IB/hfi1: Fix WQ_MEM_RECLAIM warning - gfs2: Fix occasional glock use-after-free - mmc: core: Verify SD bus width - tools/bpf: fix perf build error with uClibc (seen on ARC) - selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c - bpftool: exclude bash-completion/bpftool from .gitignore pattern - ice: Separate if conditions for ice_set_features() - blk-mq: split blk_mq_alloc_and_init_hctx into two parts - blk-mq: grab .q_usage_counter when queuing request from plug code path - dmaengine: tegra210-dma: free dma controller in remove() - net: ena: gcc 8: fix compilation warning - net: ena: fix: set freed objects to NULL to avoid failing future allocations - hv_netvsc: fix race that may miss tx queue wakeup - Bluetooth: Ignore CC events not matching the last HCI command - pinctrl: zte: fix leaked of_node references - ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE - usb: dwc2: gadget: Increase descriptors count for ISOC's - usb: dwc3: move synchronize_irq() out of the spinlock protected block - usb: gadget: f_fs: don't free buffer prematurely - ASoC: hdmi-codec: unlock the device on startup errors - powerpc/perf: Return accordingly on invalid chip-id in - powerpc/boot: Fix missing check of lseek() return value - powerpc/perf: Fix loop exit condition in nest_imc_event_init - spi: atmel-quadspi: fix crash while suspending - ASoC: imx: fix fiq dependencies - spi: pxa2xx: fix SCR (divisor) calculation - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() - ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() - drm/nouveau/bar/nv50: ensure BAR is mapped - media: stm32-dcmi: return appropriate error codes during probe - ARM: vdso: Remove dependency with the arch_timer driver internals - arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable - x86/ftrace: Set trampoline pages as executable - powerpc/watchdog: Use hrtimers for per-CPU heartbeat - sched/cpufreq: Fix kobject memleak - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() - scsi: qla2xxx: Fix hardirq-unsafe locking - x86/modules: Avoid breaking W^X while loading modules - Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve - btrfs: fix panic during relocation after ENOSPC before writeback happens - btrfs: Don't panic when we can't find a root key - iwlwifi: pcie: don't crash on invalid RX interrupt - rtc: 88pm860x: prevent use-after-free on device remove - rtc: stm32: manage the get_irq probe defer case - scsi: qedi: Abort ep termination if offload not scheduled - s390/kexec_file: Fix detection of text segment in ELF loader - ALSA: hda: fix unregister device twice on ASoC driver - sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs - net: ethernet: ti: cpsw: fix allmulti cfg in dual_mac mode - w1: fix the resume command API - net: phy: improve genphy_soft_reset - s390: qeth: address type mismatch warning - dmaengine: pl330: _stop: clear interrupt status - mac80211/cfg80211: update bss channel on channel switch - libbpf: fix samples/bpf build failure due to undefined UINT32_MAX - slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register - ASoC: fsl_sai: Update is_slave_mode with correct value - Fix nfs4.2 return -EINVAL when do dedupe operation - mwifiex: prevent an array overflow - rsi: Fix NULL pointer dereference in kmalloc - net: cw1200: fix a NULL pointer dereference - nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE - nvme-rdma: fix a NULL deref when an admin connect times out - nvme-tcp: fix a NULL deref when an admin connect times out - crypto: sun4i-ss - Fix invalid calculation of hash end - bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set - bcache: return error immediately in bch_journal_replay() - bcache: fix failure in journal relplay - bcache: add failure check to run_cache_set() for journal replay - bcache: avoid clang -Wunintialized warning - RDMA/cma: Consider scope_id while binding to ipv6 ll address - vfio-ccw: Do not call flush_workqueue while holding the spinlock - vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev - x86/build: Move _etext to actual end of .text - smpboot: Place the __percpu annotation correctly - x86/uaccess: Dont leak the AC flag into __put_user() argument evaluation - x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() - mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions - Bluetooth: hci_qca: Give enough time to ROME controller to bootup. - Bluetooth: btbcm: Add default address for BCM43341B - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version - pinctrl: pistachio: fix leaked of_node references - pinctrl: st: fix leaked of_node references - pinctrl: samsung: fix leaked of_node references - clk: rockchip: undo several noc and special clocks as critical on rk3288 - perf/arm-cci: Remove broken race mitigation - dmaengine: at_xdmac: remove BUG_ON macro in tasklet - media: coda: clear error return value before picture run - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper - media: au0828: stop video streaming only when last user stops - media: ov2659: make S_FMT succeed even if requested format doesn't match - audit: fix a memory leak bug - media: stm32-dcmi: fix crash when subdev do not expose any formats - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() - media: pvrusb2: Prevent a buffer overflow - iio: adc: stm32-dfsdm: fix unmet direct dependencies detected - block: fix use-after-free on gendisk - powerpc/numa: improve control of topology updates - powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX - random: fix CRNG initialization when random.trust_cpu=1 - random: add a spinlock_t to struct batched_entropy - cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock - sched/core: Check quota and period overflow at usec to nsec conversion - sched/rt: Check integer overflow at usec to nsec conversion - sched/core: Handle overflow in cpu_shares_write_u64 - staging: vc04_services: handle kzalloc failure - drm/msm/dpu: release resources on modeset failure - drm/msm: a5xx: fix possible object reference leak - drm/msm: dpu: Don't set frame_busy_mask for async updates - drm/msm: Fix NULL pointer dereference - irq_work: Do not raise an IPI when queueing work on the local CPU - thunderbolt: Take domain lock in switch sysfs attribute callbacks - s390/qeth: handle error from qeth_update_from_chp_desc() - USB: core: Don't unbind interfaces following device reset failure - x86/irq/64: Limit IST stack overflow check to #DB stack - drm: etnaviv: avoid DMA API warning when importing buffers - dt-bindings: phy-qcom-qmp: Add UFS PHY reset - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode - phy: mapphone-mdm6600: add gpiolib dependency - dpaa2-eth: Fix Rx classification status - i40e: Able to add up to 16 MAC filters on an untrusted VF - i40e: don't allow changes to HW VLAN stripping on active port VLANs - ACPI/IORT: Reject platform device creation on NUMA node mapping failure - arm64: vdso: Fix clock_getres() for CLOCK_REALTIME - RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure - perf/x86/msr: Add Icelake support - perf/x86/intel/rapl: Add Icelake support - perf/x86/intel/cstate: Add Icelake support - PM / devfreq: Fix static checker warning in try_then_request_governor - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers - mmc_spi: add a status check for spi_sync_locked - mmc: sdhci-of-esdhc: add erratum eSDHC5 support - mmc: sdhci-of-esdhc: add erratum A-009204 support - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support - drm/amdgpu: fix old fence check in amdgpu_fence_emit - PM / core: Propagate dev->power.wakeup_path when no callbacks - clk: rockchip: Fix video codec clocks on rk3288 - extcon: arizona: Disable mic detect if running when driver is removed - clk: rockchip: Make rkpwm a critical clock on rk3288 - clk: zynqmp: fix check for fractional clock - s390: zcrypt: initialize variables before_use - x86/microcode: Fix the ancient deprecated microcode loading method - s390/mm: silence compiler warning when compiling without CONFIG_PGSTE - s390: cio: fix cio_irb declaration - selftests: cgroup: fix cleanup path in test_memcg_subtree_control() - qmi_wwan: Add quirk for Quectel dynamic config - cpufreq: ppc_cbe: fix possible object reference leak - cpufreq/pasemi: fix possible object reference leak - cpufreq: pmac32: fix possible object reference leak - cpufreq: kirkwood: fix possible object reference leak - cpufreq: imx6q: fix possible object reference leak - block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR - samples/bpf: fix build with new clang - x86/build: Keep local relocations with ld.lld - regulator: core: Avoid potential deadlock on regulator_unregister - drm/pl111: fix possible object reference leak - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion - iio: hmc5843: fix potential NULL pointer dereferences - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data - iio: adc: ti-ads7950: Fix improper use of mlock - selftests/bpf: ksym_search won't check symbols exists - rtlwifi: fix a potential NULL pointer dereference - mwifiex: Fix mem leak in mwifiex_tm_cmd - brcmfmac: fix missing checks for kmemdup - b43: shut up clang -Wuninitialized variable warning - brcmfmac: convert dev_init_lock mutex to completion - brcmfmac: fix WARNING during USB disconnect in case of unempty psq - brcmfmac: fix race during disconnect when USB completion is in progress - brcmfmac: fix Oops when bringing up interface during USB disconnect - rtc: xgene: fix possible race condition - rtlwifi: fix potential NULL pointer dereference - scsi: ufs: Fix regulator load and icc-level configuration - scsi: ufs: Avoid configuring regulator with undefined voltage range - drm/panel: otm8009a: Add delay at the end of initialization - drm/amd/display: Prevent cursor hotspot overflow for RV overlay planes - arm64: cpu_ops: fix a leaked reference by adding missing of_node_put - locking/static_key: Fix false positive warnings on concurrent dec/inc - wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext - x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP - x86/uaccess, signal: Fix AC=1 bloat - x86/ia32: Fix ia32_restore_sigcontext() AC leak - x86/uaccess: Fix up the fixup - chardev: add additional check for minor range overlap - sh: sh7786: Add explicit I/O cast to sh7786_mm_sel() - HID: core: move Usage Page concatenation to Main item - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put - cxgb3/l2t: Fix undefined behaviour - clk: renesas: rcar-gen3: Correct parent clock of SYS-DMAC - block: pass page to xen_biovec_phys_mergeable - clk: renesas: rcar-gen3: Correct parent clock of Audio-DMAC - HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent - spi: tegra114: reset controller on probe - kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice. - media: video-mux: fix null pointer dereferences - media: wl128x: prevent two potential buffer overflows - media: gspca: Kill URBs on USB device disconnect - efifb: Omit memory map check on legacy boot - thunderbolt: property: Fix a missing check of kzalloc - thunderbolt: Fix to check the return value of kmemdup - drm: rcar-du: lvds: Set LVEN and LVRES bits together on D3 - timekeeping: Force upper bound for setting CLOCK_REALTIME - scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check - virtio_console: initialize vtermno value for ports - tty: ipwireless: fix missing checks for ioremap - staging: mt7621-mmc: Initialize completions a single time during probe - overflow: Fix -Wtype-limits compilation warnings - x86/mce: Fix machine_check_poll() tests for error types - rcutorture: Fix cleanup path for invalid torture_type strings - x86/mce: Handle varying MCA bank counts - rcuperf: Fix cleanup path for invalid perf_type strings - rcu: Do a single rhp->func read in rcu_head_after_call_rcu() - spi: stm32-qspi: add spi_master_put in release function - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown - scsi: qla4xxx: avoid freeing unallocated dma memory - scsi: lpfc: avoid uninitialized variable warning - ice: Prevent unintended multiple chain resets - selinux: avoid uninitialized variable warning - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies - dmaengine: tegra210-adma: use devm_clk_*() helpers - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors - staging: mt7621-mmc: Check for nonzero number of scatterlist entries - hwrng: omap - Set default quality - thunderbolt: Fix to check return value of ida_simple_get - thunderbolt: Fix to check for kmemdup failure - drm/amd/display: fix releasing planes when exiting odm - drm/amd/display: Link train only when link is DP and backend is enabled - drm/amd/display: Reset alpha state for planes to the correct values - thunderbolt: property: Fix a NULL pointer dereference - media: v4l2-fwnode: The first default data lane is 0 on C-PHY - media: staging/intel-ipu3: mark PM function as __maybe_unused - tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers - igb: Exclude device from suspend direct complete optimization - media: si2165: fix a missing check of return value - media: dvbsky: Avoid leaking dvb frontend - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend - drm/amd/display: add pipe lock during stream update - media: staging: davinci_vpfe: disallow building with COMPILE_TEST - drm/amd/display: Fix Divide by 0 in memory calculations - drm/amd/display: Set stream->mode_changed when connectors change - scsi: ufs: fix a missing check of devm_reset_control_get - media: vimc: stream: fix thread state before sleep - media: gspca: do not resubmit URBs when streaming has stopped - media: go7007: avoid clang frame overflow warning with KASAN - media: vimc: zero the media_device on probe - media: vim2m: replace devm_kzalloc by kzalloc - media: cedrus: Add a quirk for not setting DMA offset - scsi: lpfc: Fix FDMI manufacturer attribute value - scsi: lpfc: Fix fc4type information for FDMI - media: saa7146: avoid high stack usage with clang - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices - scsi: lpfc: Fix use-after-free mailbox cmd completion - audit: fix a memleak caused by auditing load module - spi : spi-topcliff-pch: Fix to handle empty DMA buffers - drm: writeback: Fix leak of writeback job - drm/omap: dsi: Fix PM for display blank with paired dss_pll calls - drm/omap: Notify all devices in the pipeline of output disconnection - spi: rspi: Fix sequencer reset during initialization - regulator: wm831x ldo: Fix notifier mutex lock warning - regulator: wm831x isink: Fix notifier mutex lock warning - regulator: ltc3676: Fix notifier mutex lock warning - regulator: ltc3589: Fix notifier mutex lock warning - regulator: pv88060: Fix notifier mutex lock warning - spi: imx: stop buffer overflow in RX FIFO flush - regulator: lp8755: Fix notifier mutex lock warning - regulator: da9211: Fix notifier mutex lock warning - regulator: da9063: Fix notifier mutex lock warning - regulator: pv88080: Fix notifier mutex lock warning - regulator: wm831x: Fix notifier mutex lock warning - regulator: pv88090: Fix notifier mutex lock warning - regulator: da9062: Fix notifier mutex lock warning - regulator: da9055: Fix notifier mutex lock warning - spi: Fix zero length xfer bug - ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM - ASoC: ti: fix davinci_mcasp_probe dependencies - drm/v3d: Handle errors from IRQ setup. - drm/drv: Hold ref on parent device during drm_device lifetime - drm: Wake up next in drm_read() chain if we are forced to putback the event - drm/sun4i: dsi: Change the start delay calculation - vfio-ccw: Prevent quiesce function going into an infinite loop - ice: Put __ICE_PREPARED_FOR_RESET check in ice_prepare_for_reset - drm/sun4i: dsi: Enforce boundaries on the start delay - NFS: Fix a double unlock from nfs_match,get_client - Linux 5.0.20 * Disco update: 5.0.19 upstream stable release (LP: #1837516) - ipv6: fix src addr routing with the exception table - ipv6: prevent possible fib6 leaks - net: Always descend into dsa/ - net: avoid weird emergency message - net/mlx4_core: Change the error print to info print - net: test nouarg before dereferencing zerocopy pointers - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions - nfp: flower: add rcu locks when accessing netdev for tunnels - ppp: deflate: Fix possible crash in deflate_init - rtnetlink: always put IFLA_LINK for links with a link-netnsid - tipc: switch order of device registration to fix a crash - vsock/virtio: free packets during the socket release - tipc: fix modprobe tipc failed after switch order of device registration - vsock/virtio: Initialize core virtio vsock before registering the driver - net/mlx5e: Add missing ethtool driver info for representors - net/mlx5e: Additional check for flow destination comparison - net/mlx5: Imply MLXFW in mlx5_core - net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled - blk-mq: free hw queue's resource in hctx's release handler - regulator: core: fix error path for regulator_set_voltage_unlocked - parisc: Export running_on_qemu symbol for modules - parisc: Add memory clobber to TLB purges - parisc: Skip registering LED when running in QEMU - parisc: Add memory barrier to asm pdc and sync instructions - parisc: Allow live-patching of __meminit functions - parisc: Use PA_ASM_LEVEL in boot code - parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code - stm class: Fix channel free in stm output free path - stm class: Fix channel bitmap on 32-bit systems - brd: re-enable __GFP_HIGHMEM in brd_insert_page() - proc: prevent changes to overridden credentials - Revert "MD: fix lock contention for flush bios" - md: batch flush requests. - md: add mddev->pers to avoid potential NULL pointer dereference - md: add a missing endianness conversion in check_sb_changes - dcache: sort the freeing-without-RCU-delay mess for good. - intel_th: msu: Fix single mode with IOMMU - p54: drop device reference count if fails to enable device - of: fix clang -Wunsequenced for be32_to_cpu() - brcmfmac: Add DMI nvram filename quirk for ACEPC T8 and T11 mini PCs - phy: ti-pipe3: fix missing bit-wise or operator when assigning val - media: ov6650: Fix sensor possibly not detected on probe - media: imx: csi: Allow unknown nearest upstream entities - media: imx: Clear fwnode link struct for each endpoint iteration - RDMA/mlx5: Use get_zeroed_page() for clock_info - RDMA/ipoib: Allow user space differentiate between valid dev_port - NFS4: Fix v4.0 client state corruption when mount - PNFS fallback to MDS if no deviceid found - clk: hi3660: Mark clk_gate_ufs_subsys as critical - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider - clk: mediatek: Disable tuner_en before change PLL rate - clk: rockchip: fix wrong clock definitions for rk3328 - udlfb: delete the unused parameter for dlfb_handle_damage - udlfb: fix sleeping inside spinlock - udlfb: introduce a rendering mutex - fuse: fix writepages on 32bit - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate - ovl: fix missing upper fs freeze protection on copy up for ioctl - gcc-plugins: arm_ssp_per_task_plugin: Fix for older GCC < 6 - iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114 - ceph: flush dirty inodes before proceeding with remount - x86_64: Add gap to int3 to allow for call emulation - x86_64: Allow breakpoints to emulate call instructions - ftrace/x86_64: Emulate call function while updating in breakpoint handler - tracing: Fix partial reading of trace event's id file - tracing: probeevent: Fix to make the type of $comm string - memory: tegra: Fix integer overflow on tick value calculation - perf intel-pt: Fix instructions sampling rate - perf intel-pt: Fix improved sample timestamp - perf intel-pt: Fix sample timestamp wrt non-taken branches - MIPS: perf: Fix build with CONFIG_CPU_BMIPS5000 enabled - objtool: Allow AR to be overridden with HOSTAR - x86/mpx, mm/core: Fix recursive munmap() corruption - fbdev/efifb: Ignore framebuffer memmap entries that lack any memory types - fbdev: sm712fb: fix brightness control on reboot, don't set SR30 - fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75 - fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F - fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA - fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM - fbdev: sm712fb: fix support for 1024x768-16 mode - fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display - fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken - PCI: Mark Atheros AR9462 to avoid bus reset - PCI: Reset Lenovo ThinkPad P50 nvgpu at boot if necessary - PCI: Init PCIe feature bits for managed host bridge alloc - PCI/AER: Change pci_aer_init() stub to return void - PCI: rcar: Add the initialization of PCIe link in resume_noirq() - PCI: Factor out pcie_retrain_link() function - PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum - dm cache metadata: Fix loading discard bitset - dm zoned: Fix zone report handling - dm delay: fix a crash when invalid device is specified - dm crypt: move detailed message into debug level - dm integrity: correctly calculate the size of metadata area - dm mpath: always free attached_handler_name in parse_path() - fuse: Add FOPEN_STREAM to use stream_open() - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink - xfrm: Reset secpath in xfrm failure - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module - vti4: ipip tunnel deregistration fixes. - xfrm: clean up xfrm protocol checks - esp4: add length check for UDP encapsulation - xfrm: Honor original L3 slave device in xfrmi policy lookup - xfrm4: Fix uninitialized memory read in _decode_session4 - ARC: PAE40: don't panic and instead turn off hw ioc - clk: sunxi-ng: nkmp: Avoid GENMASK(-1, 0) - KVM: PPC: Book3S HV: Perserve PSSCR FAKE_SUSPEND bit on guest exit - KVM: PPC: Book3S: Protect memslots while validating user address - power: supply: cpcap-battery: Fix division by zero - securityfs: fix use-after-free on symlink traversal - apparmorfs: fix use-after-free on symlink traversal - PCI: Fix issue with "pci=disable_acs_redir" parameter being ignored - x86: kvm: hyper-v: deal with buggy TLB flush requests from WS2012 - mac80211: Fix kernel panic due to use of txq after free - net: ieee802154: fix missing checks for regmap_update_bits - KVM: arm/arm64: Ensure vcpu target is unset on reset failure - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG - tools: bpftool: fix infinite loop in map create - bpf: Fix preempt_enable_no_resched() abuse - qmi_wwan: new Wistron, ZTE and D-Link devices - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() - sched/cpufreq: Fix kobject memleak - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup - KVM: fix KVM_CLEAR_DIRTY_LOG for memory slots of unaligned size - KVM: selftests: make hyperv_cpuid test pass on AMD - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour - i2c: designware: ratelimit 'transfer when suspended' errors - perf bench numa: Add define for RUSAGE_THREAD if not present - perf cs-etm: Always allocate memory for cs_etm_queue::prev_packet - perf/x86/intel: Fix race in intel_pmu_disable_event() - Revert "Don't jump to compute_result state from check_result state" - md/raid: raid5 preserve the writeback action after the parity check - driver core: Postpone DMA tear-down until after devres release for probe failure - bpf: relax inode permission check for retrieving bpf program - bpf: add map_lookup_elem_sys_only for lookups from syscall side - bpf, lru: avoid messing with eviction heuristics upon syscall lookup - fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough - Linux 5.0.19 * CVE-2019-13648 - powerpc/tm: Fix oops on sigreturn on systems without TM * bcache kernel warning when attaching device (LP: #1837788) - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached * CVE-2019-14283 - floppy: fix out-of-bounds read in copy_buffer * CVE-2019-14284 - floppy: fix div-by-zero in setup_format_params * alsa/hda: neither mute led nor mic-mute led work on several Lenovo laptops (LP: #1837963) - SAUCE: ALSA: hda - Add a conexant codec entry to let mute led work -- Khalid Elmously <khalid.elmou...@canonical.com> Tue, 20 Aug 2019 17:11:59 -0400 ** Changed in: linux-kvm (Ubuntu Disco) Status: Confirmed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-13648 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14283 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14284 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3900 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840810 Title: disco/linux-kvm: 5.0.0-1015.16 -proposed tracker To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1840810/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs