This bug was fixed in the package linux-kvm - 5.0.0-1015.16

---------------
linux-kvm (5.0.0-1015.16) disco; urgency=medium

  * disco/linux-kvm: 5.0.0-1015.16 -proposed tracker (LP: #1840810)

  [ Ubuntu: 5.0.0-27.28 ]

  * disco/linux: 5.0.0-27.28 -proposed tracker (LP: #1840816)
  * [Potential Regression] System crashes when running ftrace test in
    ubuntu_kernel_selftests (LP: #1840750)
    - x86/kprobes: Set instruction page as executable

linux-kvm (5.0.0-1014.15) disco; urgency=medium

  * disco/linux-kvm: 5.0.0-1014.15 -proposed tracker (LP: #1839965)

  [ Ubuntu: 5.0.0-26.27 ]

  * disco/linux: 5.0.0-26.27 -proposed tracker (LP: #1839972)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * alsa/hdmi: add icelake hdmi audio support for a Dell machine (LP: #1836916)
    - ALSA: hda: hdmi - add Icelake support
    - ALSA: hda/hdmi - Remove duplicated define
    - ALSA: hda/hdmi - Fix i915 reverse port/pin mapping
  * input/mouse: alps trackpoint-only device doesn't work (LP: #1836752)
    - Input: alps - don't handle ALPS cs19 trackpoint-only device
    - Input: alps - fix a mismatch between a condition check and its comment
  * [18.04 FEAT] Enhanced hardware support (LP: #1836857)
    - s390: report new CPU capabilities
    - s390: add alignment hints to vector load and store
  * System does not auto detect disconnection of external monitor (LP: #1835001)
    - drm/i915: Add support for retrying hotplug
    - drm/i915: Enable hotplug retry
  * [18.04 FEAT] Enhanced CPU-MF hardware counters - kernel part (LP: #1836860)
    - s390/cpum_cf: Add support for CPU-MF SVN 6
    - s390/cpumf: Add extended counter set definitions for model 8561 and 8562
  * EeePC 1005px laptop backlight is off after system boot up (LP: #1837117)
    - platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys 
from
      asus_nb_wmi
  * br_netfilter: namespace sysctl operations (LP: #1836910)
    - netfilter: bridge: port sysctls to use brnf_net
    - netfilter: bridge: namespace bridge netfilter sysctls
    - netfilter: bridge: prevent UAF in brnf_exit_net()
  * ideapad_laptop disables WiFi/BT radios on Lenovo Y540 (LP: #1837136)
    - platform/x86: ideapad-laptop: Remove no_hw_rfkill_list
  * shiftfs: allow overlayfs (LP: #1838677)
    - SAUCE: shiftfs: enable overlayfs on shiftfs
  * bcache: bch_allocator_thread(): hung task timeout (LP: #1784665)
    - bcache: never writeback a discard operation
    - bcache: improve bcache_reboot()
    - SAUCE: bcache: fix deadlock in bcache_allocator
  * Regressions in CMA allocation rework (LP: #1839395)
    - dma-contiguous: do not overwrite align in dma_alloc_contiguous()
    - dma-contiguous: page-align the size in dma_free_contiguous()
  * CVE-2019-3900
    - vhost: introduce vhost_exceeds_weight()
    - vhost_net: fix possible infinite loop
    - vhost: vsock: add weight support
    - vhost: scsi: add weight support
  * Disco update: 5.0.21 upstream stable release (LP: #1837518)
    - bonding/802.3ad: fix slave link initialization transition states
    - cxgb4: offload VLAN flows regardless of VLAN ethtype
    - inet: switch IP ID generator to siphash
    - ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
    - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
    - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
    - ipv6: Fix redirect with VRF
    - llc: fix skb leak in llc_build_and_send_ui_pkt()
    - mlxsw: spectrum_acl: Avoid warning after identical rules insertion
    - net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT
    - net: fec: fix the clk mismatch in failed_reset path
    - net-gro: fix use-after-free read in napi_gro_frags()
    - net: mvneta: Fix err code path of probe
    - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
    - net: phy: marvell10g: report if the PHY fails to boot firmware
    - net: sched: don't use tc_action->order during action dump
    - net: stmmac: fix reset gpio free missing
    - r8169: fix MAC address being lost in PCI D3
    - usbnet: fix kernel crash after disconnect
    - net/mlx5: Avoid double free in fs init error unwinding path
    - tipc: Avoid copying bytes beyond the supplied data
    - net/mlx5: Allocate root ns memory using kzalloc to match kfree
    - net/mlx5e: Disable rxhash when CQE compress is enabled
    - net: stmmac: fix ethtool flow control not able to get/set
    - net: stmmac: dma channel control register need to be init first
    - bnxt_en: Fix aggregation buffer leak under OOM condition.
    - bnxt_en: Fix possible BUG() condition when calling pci_disable_msix().
    - bnxt_en: Reduce memory usage when running in kdump kernel.
    - net/tls: fix state removal with feature flags off
    - net/tls: don't ignore netdev notifications if no TLS features
    - cxgb4: Revert "cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on page size"
    - net: correct zerocopy refcnt with udp MSG_MORE
    - crypto: vmx - ghash: do nosimd fallback manually
    - xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
    - Revert "tipc: fix modprobe tipc failed after switch order of device
      registration"
    - tipc: fix modprobe tipc failed after switch order of device registration
    - Linux 5.0.21
  * Disco update: 5.0.20 upstream stable release (LP: #1837517)
    - x86: Hide the int3_emulate_call/jmp functions from UML
    - ext4: do not delete unlinked inode from orphan list on failed truncate
    - ext4: wait for outstanding dio during truncate in nojournal mode
    - KVM: x86: fix return value for reserved EFER
    - bio: fix improper use of smp_mb__before_atomic()
    - sbitmap: fix improper use of smp_mb__before_atomic()
    - Revert "scsi: sd: Keep disk read-only when re-reading partition"
    - crypto: hash - fix incorrect HASH_MAX_DESCSIZE
    - crypto: vmx - CTR: always increment IV as quadword
    - mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time
      problem
    - mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem
    - kvm: svm/avic: fix off-by-one in checking host APIC ID
    - libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead
    - arm64/kernel: kaslr: reduce module randomization range to 2 GB
    - arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable
    - gfs2: Fix sign extension bug in gfs2_update_stats
    - btrfs: don't double unlock on error in btrfs_punch_hole
    - Btrfs: do not abort transaction at btrfs_update_root() after failure to 
COW
      path
    - Btrfs: avoid fallback to transaction commit during fsync of files with 
holes
    - Btrfs: fix race between ranged fsync and writeback of adjacent ranges
    - btrfs: sysfs: Fix error path kobject memory leak
    - btrfs: sysfs: don't leak memory when failing add fsid
    - fbdev: fix divide error in fb_var_to_videomode
    - cifs: fix credits leak for SMB1 oplock breaks
    - arm64: errata: Add workaround for Cortex-A76 erratum #1463225
    - [Config] Add CONFIG_ARM64_ERRATUM_1463225
    - btrfs: honor path->skip_locking in backref code
    - ovl: relax WARN_ON() for overlapping layers use case
    - fbdev: fix WARNING in __alloc_pages_nodemask bug
    - media: cpia2: Fix use-after-free in cpia2_exit
    - media: serial_ir: Fix use-after-free in serial_ir_init_module
    - media: vb2: add waiting_in_dqbuf flag
    - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
    - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
    - bpf: devmap: fix use-after-free Read in __dev_map_entry_free
    - batman-adv: mcast: fix multicast tt/tvlv worker locking
    - at76c50x-usb: Don't register led_trigger if usb_register_driver failed
    - acct_on(): don't mess with freeze protection
    - netfilter: ctnetlink: Resolve conntrack L3-protocol flush regression
    - Revert "btrfs: Honour FITRIM range constraints during free space trim"
    - gfs2: Fix lru_count going negative
    - cxgb4: Fix error path in cxgb4_init_module
    - afs: Fix getting the afs.fid xattr
    - NFS: make nfs_match_client killable
    - gfs2: fix race between gfs2_freeze_func and unmount
    - IB/hfi1: Fix WQ_MEM_RECLAIM warning
    - gfs2: Fix occasional glock use-after-free
    - mmc: core: Verify SD bus width
    - tools/bpf: fix perf build error with uClibc (seen on ARC)
    - selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c
    - bpftool: exclude bash-completion/bpftool from .gitignore pattern
    - ice: Separate if conditions for ice_set_features()
    - blk-mq: split blk_mq_alloc_and_init_hctx into two parts
    - blk-mq: grab .q_usage_counter when queuing request from plug code path
    - dmaengine: tegra210-dma: free dma controller in remove()
    - net: ena: gcc 8: fix compilation warning
    - net: ena: fix: set freed objects to NULL to avoid failing future 
allocations
    - hv_netvsc: fix race that may miss tx queue wakeup
    - Bluetooth: Ignore CC events not matching the last HCI command
    - pinctrl: zte: fix leaked of_node references
    - ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE
    - usb: dwc2: gadget: Increase descriptors count for ISOC's
    - usb: dwc3: move synchronize_irq() out of the spinlock protected block
    - usb: gadget: f_fs: don't free buffer prematurely
    - ASoC: hdmi-codec: unlock the device on startup errors
    - powerpc/perf: Return accordingly on invalid chip-id in
    - powerpc/boot: Fix missing check of lseek() return value
    - powerpc/perf: Fix loop exit condition in nest_imc_event_init
    - spi: atmel-quadspi: fix crash while suspending
    - ASoC: imx: fix fiq dependencies
    - spi: pxa2xx: fix SCR (divisor) calculation
    - brcm80211: potential NULL dereference in
      brcmf_cfg80211_vndr_cmds_dcmd_handler()
    - ACPI / property: fix handling of data_nodes in acpi_get_next_subnode()
    - drm/nouveau/bar/nv50: ensure BAR is mapped
    - media: stm32-dcmi: return appropriate error codes during probe
    - ARM: vdso: Remove dependency with the arch_timer driver internals
    - arm64: Fix compiler warning from pte_unmap() with 
-Wunused-but-set-variable
    - x86/ftrace: Set trampoline pages as executable
    - powerpc/watchdog: Use hrtimers for per-CPU heartbeat
    - sched/cpufreq: Fix kobject memleak
    - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
    - scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending()
    - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in
      tcm_qla2xxx_close_session()
    - scsi: qla2xxx: Fix hardirq-unsafe locking
    - x86/modules: Avoid breaking W^X while loading modules
    - Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota
      reserve
    - btrfs: fix panic during relocation after ENOSPC before writeback happens
    - btrfs: Don't panic when we can't find a root key
    - iwlwifi: pcie: don't crash on invalid RX interrupt
    - rtc: 88pm860x: prevent use-after-free on device remove
    - rtc: stm32: manage the get_irq probe defer case
    - scsi: qedi: Abort ep termination if offload not scheduled
    - s390/kexec_file: Fix detection of text segment in ELF loader
    - ALSA: hda: fix unregister device twice on ASoC driver
    - sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs
    - net: ethernet: ti: cpsw: fix allmulti cfg in dual_mac mode
    - w1: fix the resume command API
    - net: phy: improve genphy_soft_reset
    - s390: qeth: address type mismatch warning
    - dmaengine: pl330: _stop: clear interrupt status
    - mac80211/cfg80211: update bss channel on channel switch
    - libbpf: fix samples/bpf build failure due to undefined UINT32_MAX
    - slimbus: fix a potential NULL pointer dereference in
      of_qcom_slim_ngd_register
    - ASoC: fsl_sai: Update is_slave_mode with correct value
    - Fix nfs4.2 return -EINVAL when do dedupe operation
    - mwifiex: prevent an array overflow
    - rsi: Fix NULL pointer dereference in kmalloc
    - net: cw1200: fix a NULL pointer dereference
    - nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE
    - nvme-rdma: fix a NULL deref when an admin connect times out
    - nvme-tcp: fix a NULL deref when an admin connect times out
    - crypto: sun4i-ss - Fix invalid calculation of hash end
    - bcache: avoid potential memleak of list of journal_replay(s) in the
      CACHE_SYNC branch of run_cache_set
    - bcache: return error immediately in bch_journal_replay()
    - bcache: fix failure in journal relplay
    - bcache: add failure check to run_cache_set() for journal replay
    - bcache: avoid clang -Wunintialized warning
    - RDMA/cma: Consider scope_id while binding to ipv6 ll address
    - vfio-ccw: Do not call flush_workqueue while holding the spinlock
    - vfio-ccw: Release any channel program when releasing/removing vfio-ccw 
mdev
    - x86/build: Move _etext to actual end of .text
    - smpboot: Place the __percpu annotation correctly
    - x86/uaccess: Dont leak the AC flag into __put_user() argument evaluation
    - x86/mm: Remove in_nmi() warning from 64-bit implementation of
      vmalloc_fault()
    - mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC
      versions
    - Bluetooth: hci_qca: Give enough time to ROME controller to bootup.
    - Bluetooth: btbcm: Add default address for BCM43341B
    - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
    - pinctrl: pistachio: fix leaked of_node references
    - pinctrl: st: fix leaked of_node references
    - pinctrl: samsung: fix leaked of_node references
    - clk: rockchip: undo several noc and special clocks as critical on rk3288
    - perf/arm-cci: Remove broken race mitigation
    - dmaengine: at_xdmac: remove BUG_ON macro in tasklet
    - media: coda: clear error return value before picture run
    - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
    - media: au0828: stop video streaming only when last user stops
    - media: ov2659: make S_FMT succeed even if requested format doesn't match
    - audit: fix a memory leak bug
    - media: stm32-dcmi: fix crash when subdev do not expose any formats
    - media: au0828: Fix NULL pointer dereference in 
au0828_analog_stream_enable()
    - media: pvrusb2: Prevent a buffer overflow
    - iio: adc: stm32-dfsdm: fix unmet direct dependencies detected
    - block: fix use-after-free on gendisk
    - powerpc/numa: improve control of topology updates
    - powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX
    - random: fix CRNG initialization when random.trust_cpu=1
    - random: add a spinlock_t to struct batched_entropy
    - cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock
    - sched/core: Check quota and period overflow at usec to nsec conversion
    - sched/rt: Check integer overflow at usec to nsec conversion
    - sched/core: Handle overflow in cpu_shares_write_u64
    - staging: vc04_services: handle kzalloc failure
    - drm/msm/dpu: release resources on modeset failure
    - drm/msm: a5xx: fix possible object reference leak
    - drm/msm: dpu: Don't set frame_busy_mask for async updates
    - drm/msm: Fix NULL pointer dereference
    - irq_work: Do not raise an IPI when queueing work on the local CPU
    - thunderbolt: Take domain lock in switch sysfs attribute callbacks
    - s390/qeth: handle error from qeth_update_from_chp_desc()
    - USB: core: Don't unbind interfaces following device reset failure
    - x86/irq/64: Limit IST stack overflow check to #DB stack
    - drm: etnaviv: avoid DMA API warning when importing buffers
    - dt-bindings: phy-qcom-qmp: Add UFS PHY reset
    - phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode
    - phy: mapphone-mdm6600: add gpiolib dependency
    - dpaa2-eth: Fix Rx classification status
    - i40e: Able to add up to 16 MAC filters on an untrusted VF
    - i40e: don't allow changes to HW VLAN stripping on active port VLANs
    - ACPI/IORT: Reject platform device creation on NUMA node mapping failure
    - arm64: vdso: Fix clock_getres() for CLOCK_REALTIME
    - RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
    - perf/x86/msr: Add Icelake support
    - perf/x86/intel/rapl: Add Icelake support
    - perf/x86/intel/cstate: Add Icelake support
    - PM / devfreq: Fix static checker warning in try_then_request_governor
    - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
    - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
    - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
    - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
    - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
    - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
    - mmc_spi: add a status check for spi_sync_locked
    - mmc: sdhci-of-esdhc: add erratum eSDHC5 support
    - mmc: sdhci-of-esdhc: add erratum A-009204 support
    - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
    - drm/amdgpu: fix old fence check in amdgpu_fence_emit
    - PM / core: Propagate dev->power.wakeup_path when no callbacks
    - clk: rockchip: Fix video codec clocks on rk3288
    - extcon: arizona: Disable mic detect if running when driver is removed
    - clk: rockchip: Make rkpwm a critical clock on rk3288
    - clk: zynqmp: fix check for fractional clock
    - s390: zcrypt: initialize variables before_use
    - x86/microcode: Fix the ancient deprecated microcode loading method
    - s390/mm: silence compiler warning when compiling without CONFIG_PGSTE
    - s390: cio: fix cio_irb declaration
    - selftests: cgroup: fix cleanup path in test_memcg_subtree_control()
    - qmi_wwan: Add quirk for Quectel dynamic config
    - cpufreq: ppc_cbe: fix possible object reference leak
    - cpufreq/pasemi: fix possible object reference leak
    - cpufreq: pmac32: fix possible object reference leak
    - cpufreq: kirkwood: fix possible object reference leak
    - cpufreq: imx6q: fix possible object reference leak
    - block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR
    - samples/bpf: fix build with new clang
    - x86/build: Keep local relocations with ld.lld
    - regulator: core: Avoid potential deadlock on regulator_unregister
    - drm/pl111: fix possible object reference leak
    - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
    - iio: hmc5843: fix potential NULL pointer dereferences
    - iio: common: ssp_sensors: Initialize calculated_time in
      ssp_common_process_data
    - iio: adc: ti-ads7950: Fix improper use of mlock
    - selftests/bpf: ksym_search won't check symbols exists
    - rtlwifi: fix a potential NULL pointer dereference
    - mwifiex: Fix mem leak in mwifiex_tm_cmd
    - brcmfmac: fix missing checks for kmemdup
    - b43: shut up clang -Wuninitialized variable warning
    - brcmfmac: convert dev_init_lock mutex to completion
    - brcmfmac: fix WARNING during USB disconnect in case of unempty psq
    - brcmfmac: fix race during disconnect when USB completion is in progress
    - brcmfmac: fix Oops when bringing up interface during USB disconnect
    - rtc: xgene: fix possible race condition
    - rtlwifi: fix potential NULL pointer dereference
    - scsi: ufs: Fix regulator load and icc-level configuration
    - scsi: ufs: Avoid configuring regulator with undefined voltage range
    - drm/panel: otm8009a: Add delay at the end of initialization
    - drm/amd/display: Prevent cursor hotspot overflow for RV overlay planes
    - arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
    - locking/static_key: Fix false positive warnings on concurrent dec/inc
    - wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext
    - x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP
    - x86/uaccess, signal: Fix AC=1 bloat
    - x86/ia32: Fix ia32_restore_sigcontext() AC leak
    - x86/uaccess: Fix up the fixup
    - chardev: add additional check for minor range overlap
    - sh: sh7786: Add explicit I/O cast to sh7786_mm_sel()
    - HID: core: move Usage Page concatenation to Main item
    - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
    - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
    - cxgb3/l2t: Fix undefined behaviour
    - clk: renesas: rcar-gen3: Correct parent clock of SYS-DMAC
    - block: pass page to xen_biovec_phys_mergeable
    - clk: renesas: rcar-gen3: Correct parent clock of Audio-DMAC
    - HID: logitech-hidpp: change low battery level threshold from 31 to 30
      percent
    - spi: tegra114: reset controller on probe
    - kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice.
    - media: video-mux: fix null pointer dereferences
    - media: wl128x: prevent two potential buffer overflows
    - media: gspca: Kill URBs on USB device disconnect
    - efifb: Omit memory map check on legacy boot
    - thunderbolt: property: Fix a missing check of kzalloc
    - thunderbolt: Fix to check the return value of kmemdup
    - drm: rcar-du: lvds: Set LVEN and LVRES bits together on D3
    - timekeeping: Force upper bound for setting CLOCK_REALTIME
    - scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload
      check
    - virtio_console: initialize vtermno value for ports
    - tty: ipwireless: fix missing checks for ioremap
    - staging: mt7621-mmc: Initialize completions a single time during probe
    - overflow: Fix -Wtype-limits compilation warnings
    - x86/mce: Fix machine_check_poll() tests for error types
    - rcutorture: Fix cleanup path for invalid torture_type strings
    - x86/mce: Handle varying MCA bank counts
    - rcuperf: Fix cleanup path for invalid perf_type strings
    - rcu: Do a single rhp->func read in rcu_head_after_call_rcu()
    - spi: stm32-qspi: add spi_master_put in release function
    - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
    - scsi: qla4xxx: avoid freeing unallocated dma memory
    - scsi: lpfc: avoid uninitialized variable warning
    - ice: Prevent unintended multiple chain resets
    - selinux: avoid uninitialized variable warning
    - batman-adv: allow updating DAT entry timeouts on incoming ARP Replies
    - dmaengine: tegra210-adma: use devm_clk_*() helpers
    - x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die processors
    - staging: mt7621-mmc: Check for nonzero number of scatterlist entries
    - hwrng: omap - Set default quality
    - thunderbolt: Fix to check return value of ida_simple_get
    - thunderbolt: Fix to check for kmemdup failure
    - drm/amd/display: fix releasing planes when exiting odm
    - drm/amd/display: Link train only when link is DP and backend is enabled
    - drm/amd/display: Reset alpha state for planes to the correct values
    - thunderbolt: property: Fix a NULL pointer dereference
    - media: v4l2-fwnode: The first default data lane is 0 on C-PHY
    - media: staging/intel-ipu3: mark PM function as __maybe_unused
    - tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers
    - igb: Exclude device from suspend direct complete optimization
    - media: si2165: fix a missing check of return value
    - media: dvbsky: Avoid leaking dvb frontend
    - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
    - drm/amd/display: add pipe lock during stream update
    - media: staging: davinci_vpfe: disallow building with COMPILE_TEST
    - drm/amd/display: Fix Divide by 0 in memory calculations
    - drm/amd/display: Set stream->mode_changed when connectors change
    - scsi: ufs: fix a missing check of devm_reset_control_get
    - media: vimc: stream: fix thread state before sleep
    - media: gspca: do not resubmit URBs when streaming has stopped
    - media: go7007: avoid clang frame overflow warning with KASAN
    - media: vimc: zero the media_device on probe
    - media: vim2m: replace devm_kzalloc by kzalloc
    - media: cedrus: Add a quirk for not setting DMA offset
    - scsi: lpfc: Fix FDMI manufacturer attribute value
    - scsi: lpfc: Fix fc4type information for FDMI
    - media: saa7146: avoid high stack usage with clang
    - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
    - scsi: lpfc: Fix use-after-free mailbox cmd completion
    - audit: fix a memleak caused by auditing load module
    - spi : spi-topcliff-pch: Fix to handle empty DMA buffers
    - drm: writeback: Fix leak of writeback job
    - drm/omap: dsi: Fix PM for display blank with paired dss_pll calls
    - drm/omap: Notify all devices in the pipeline of output disconnection
    - spi: rspi: Fix sequencer reset during initialization
    - regulator: wm831x ldo: Fix notifier mutex lock warning
    - regulator: wm831x isink: Fix notifier mutex lock warning
    - regulator: ltc3676: Fix notifier mutex lock warning
    - regulator: ltc3589: Fix notifier mutex lock warning
    - regulator: pv88060: Fix notifier mutex lock warning
    - spi: imx: stop buffer overflow in RX FIFO flush
    - regulator: lp8755: Fix notifier mutex lock warning
    - regulator: da9211: Fix notifier mutex lock warning
    - regulator: da9063: Fix notifier mutex lock warning
    - regulator: pv88080: Fix notifier mutex lock warning
    - regulator: wm831x: Fix notifier mutex lock warning
    - regulator: pv88090: Fix notifier mutex lock warning
    - regulator: da9062: Fix notifier mutex lock warning
    - regulator: da9055: Fix notifier mutex lock warning
    - spi: Fix zero length xfer bug
    - ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
    - ASoC: ti: fix davinci_mcasp_probe dependencies
    - drm/v3d: Handle errors from IRQ setup.
    - drm/drv: Hold ref on parent device during drm_device lifetime
    - drm: Wake up next in drm_read() chain if we are forced to putback the 
event
    - drm/sun4i: dsi: Change the start delay calculation
    - vfio-ccw: Prevent quiesce function going into an infinite loop
    - ice: Put __ICE_PREPARED_FOR_RESET check in ice_prepare_for_reset
    - drm/sun4i: dsi: Enforce boundaries on the start delay
    - NFS: Fix a double unlock from nfs_match,get_client
    - Linux 5.0.20
  * Disco update: 5.0.19 upstream stable release (LP: #1837516)
    - ipv6: fix src addr routing with the exception table
    - ipv6: prevent possible fib6 leaks
    - net: Always descend into dsa/
    - net: avoid weird emergency message
    - net/mlx4_core: Change the error print to info print
    - net: test nouarg before dereferencing zerocopy pointers
    - net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions
    - nfp: flower: add rcu locks when accessing netdev for tunnels
    - ppp: deflate: Fix possible crash in deflate_init
    - rtnetlink: always put IFLA_LINK for links with a link-netnsid
    - tipc: switch order of device registration to fix a crash
    - vsock/virtio: free packets during the socket release
    - tipc: fix modprobe tipc failed after switch order of device registration
    - vsock/virtio: Initialize core virtio vsock before registering the driver
    - net/mlx5e: Add missing ethtool driver info for representors
    - net/mlx5e: Additional check for flow destination comparison
    - net/mlx5: Imply MLXFW in mlx5_core
    - net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled
    - blk-mq: free hw queue's resource in hctx's release handler
    - regulator: core: fix error path for regulator_set_voltage_unlocked
    - parisc: Export running_on_qemu symbol for modules
    - parisc: Add memory clobber to TLB purges
    - parisc: Skip registering LED when running in QEMU
    - parisc: Add memory barrier to asm pdc and sync instructions
    - parisc: Allow live-patching of __meminit functions
    - parisc: Use PA_ASM_LEVEL in boot code
    - parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code
    - stm class: Fix channel free in stm output free path
    - stm class: Fix channel bitmap on 32-bit systems
    - brd: re-enable __GFP_HIGHMEM in brd_insert_page()
    - proc: prevent changes to overridden credentials
    - Revert "MD: fix lock contention for flush bios"
    - md: batch flush requests.
    - md: add mddev->pers to avoid potential NULL pointer dereference
    - md: add a missing endianness conversion in check_sb_changes
    - dcache: sort the freeing-without-RCU-delay mess for good.
    - intel_th: msu: Fix single mode with IOMMU
    - p54: drop device reference count if fails to enable device
    - of: fix clang -Wunsequenced for be32_to_cpu()
    - brcmfmac: Add DMI nvram filename quirk for ACEPC T8 and T11 mini PCs
    - phy: ti-pipe3: fix missing bit-wise or operator when assigning val
    - media: ov6650: Fix sensor possibly not detected on probe
    - media: imx: csi: Allow unknown nearest upstream entities
    - media: imx: Clear fwnode link struct for each endpoint iteration
    - RDMA/mlx5: Use get_zeroed_page() for clock_info
    - RDMA/ipoib: Allow user space differentiate between valid dev_port
    - NFS4: Fix v4.0 client state corruption when mount
    - PNFS fallback to MDS if no deviceid found
    - clk: hi3660: Mark clk_gate_ufs_subsys as critical
    - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
    - clk: mediatek: Disable tuner_en before change PLL rate
    - clk: rockchip: fix wrong clock definitions for rk3328
    - udlfb: delete the unused parameter for dlfb_handle_damage
    - udlfb: fix sleeping inside spinlock
    - udlfb: introduce a rendering mutex
    - fuse: fix writepages on 32bit
    - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
    - ovl: fix missing upper fs freeze protection on copy up for ioctl
    - gcc-plugins: arm_ssp_per_task_plugin: Fix for older GCC < 6
    - iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
    - ceph: flush dirty inodes before proceeding with remount
    - x86_64: Add gap to int3 to allow for call emulation
    - x86_64: Allow breakpoints to emulate call instructions
    - ftrace/x86_64: Emulate call function while updating in breakpoint handler
    - tracing: Fix partial reading of trace event's id file
    - tracing: probeevent: Fix to make the type of $comm string
    - memory: tegra: Fix integer overflow on tick value calculation
    - perf intel-pt: Fix instructions sampling rate
    - perf intel-pt: Fix improved sample timestamp
    - perf intel-pt: Fix sample timestamp wrt non-taken branches
    - MIPS: perf: Fix build with CONFIG_CPU_BMIPS5000 enabled
    - objtool: Allow AR to be overridden with HOSTAR
    - x86/mpx, mm/core: Fix recursive munmap() corruption
    - fbdev/efifb: Ignore framebuffer memmap entries that lack any memory types
    - fbdev: sm712fb: fix brightness control on reboot, don't set SR30
    - fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
    - fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
    - fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
    - fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping
      VRAM
    - fbdev: sm712fb: fix support for 1024x768-16 mode
    - fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
    - fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
    - PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken
    - PCI: Mark Atheros AR9462 to avoid bus reset
    - PCI: Reset Lenovo ThinkPad P50 nvgpu at boot if necessary
    - PCI: Init PCIe feature bits for managed host bridge alloc
    - PCI/AER: Change pci_aer_init() stub to return void
    - PCI: rcar: Add the initialization of PCIe link in resume_noirq()
    - PCI: Factor out pcie_retrain_link() function
    - PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum
    - dm cache metadata: Fix loading discard bitset
    - dm zoned: Fix zone report handling
    - dm delay: fix a crash when invalid device is specified
    - dm crypt: move detailed message into debug level
    - dm integrity: correctly calculate the size of metadata area
    - dm mpath: always free attached_handler_name in parse_path()
    - fuse: Add FOPEN_STREAM to use stream_open()
    - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
    - xfrm: Reset secpath in xfrm failure
    - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
    - vti4: ipip tunnel deregistration fixes.
    - xfrm: clean up xfrm protocol checks
    - esp4: add length check for UDP encapsulation
    - xfrm: Honor original L3 slave device in xfrmi policy lookup
    - xfrm4: Fix uninitialized memory read in _decode_session4
    - ARC: PAE40: don't panic and instead turn off hw ioc
    - clk: sunxi-ng: nkmp: Avoid GENMASK(-1, 0)
    - KVM: PPC: Book3S HV: Perserve PSSCR FAKE_SUSPEND bit on guest exit
    - KVM: PPC: Book3S: Protect memslots while validating user address
    - power: supply: cpcap-battery: Fix division by zero
    - securityfs: fix use-after-free on symlink traversal
    - apparmorfs: fix use-after-free on symlink traversal
    - PCI: Fix issue with "pci=disable_acs_redir" parameter being ignored
    - x86: kvm: hyper-v: deal with buggy TLB flush requests from WS2012
    - mac80211: Fix kernel panic due to use of txq after free
    - net: ieee802154: fix missing checks for regmap_update_bits
    - KVM: arm/arm64: Ensure vcpu target is unset on reset failure
    - power: supply: sysfs: prevent endless uevent loop with
      CONFIG_POWER_SUPPLY_DEBUG
    - tools: bpftool: fix infinite loop in map create
    - bpf: Fix preempt_enable_no_resched() abuse
    - qmi_wwan: new Wistron, ZTE and D-Link devices
    - iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb()
    - sched/cpufreq: Fix kobject memleak
    - x86/mm/mem_encrypt: Disable all instrumentation for early SME setup
    - KVM: fix KVM_CLEAR_DIRTY_LOG for memory slots of unaligned size
    - KVM: selftests: make hyperv_cpuid test pass on AMD
    - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
    - i2c: designware: ratelimit 'transfer when suspended' errors
    - perf bench numa: Add define for RUSAGE_THREAD if not present
    - perf cs-etm: Always allocate memory for cs_etm_queue::prev_packet
    - perf/x86/intel: Fix race in intel_pmu_disable_event()
    - Revert "Don't jump to compute_result state from check_result state"
    - md/raid: raid5 preserve the writeback action after the parity check
    - driver core: Postpone DMA tear-down until after devres release for probe
      failure
    - bpf: relax inode permission check for retrieving bpf program
    - bpf: add map_lookup_elem_sys_only for lookups from syscall side
    - bpf, lru: avoid messing with eviction heuristics upon syscall lookup
    - fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
    - Linux 5.0.19
  * CVE-2019-13648
    - powerpc/tm: Fix oops on sigreturn on systems without TM
  * bcache kernel warning when attaching device (LP: #1837788)
    - bcache: only set BCACHE_DEV_WB_RUNNING when cached device attached
  * CVE-2019-14283
    - floppy: fix out-of-bounds read in copy_buffer
  * CVE-2019-14284
    - floppy: fix div-by-zero in setup_format_params
  * alsa/hda: neither mute led nor mic-mute led work on several Lenovo laptops
    (LP: #1837963)
    - SAUCE: ALSA: hda - Add a conexant codec entry to let mute led work

 -- Khalid Elmously <khalid.elmou...@canonical.com>  Tue, 20 Aug 2019
17:11:59 -0400

** Changed in: linux-kvm (Ubuntu Disco)
       Status: Confirmed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-13648

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14283

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-14284

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3900

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1840810

Title:
  disco/linux-kvm: 5.0.0-1015.16 -proposed tracker

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1840810/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to