Bionic update: upstream stable patchset 2018-08-29
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Invalid | Undecided | Unassigned |
Bionic | Fix Released | Undecided | Kamal Mostafa |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The following upstream
stable patches should be included in the Ubuntu kernel:
upstream stable patchset 2018-08-29 (ported from v4.14.49 and v4.16.15)
from git://git.
net : sched: cls_api: deal with egdev path only if needed
net: dsa: b53: Fix for brcm tag issue in Cygnus SoC
net: ethernet: davinci_emac: fix error handling in probe()
net: ethernet: ti: cpdma: correct error handling for chan create
mlxsw: spectrum: Forbid creation of VLAN 1 over port/LAG
l2tp: fix refcount leakage on PPPoL2TP sockets
drm: set FMODE_UNSIGNED_
PCI: hv: Do not wait forever on a device that has disappeared
cls_flower: Fix incorrect idr release when failing to modify rule
rtnetlink: validate attributes in do_setlink()
virtio-net: fix leaking page for gso packet during mergeable XDP
net/mlx5e: When RXFCS is set, add FCS data into checksum calculation
virtio-net: correctly check num_buf during err path
tun: Fix NULL pointer dereference in XDP redirect
net/mlx4: Fix irq-unsafe spinlock usage
virtio-net: correctly transmit XDP buff after linearizing
net-sysfs: Fix memory leak in XPS configuration
net: phy: broadcom: Fix auxiliary control register reads
ipv6: sr: fix memory OOB access in seg6_do_
vrf: check the original netdevice for generating redirect
vhost: synchronize IOTLB message with dev cleanup
team: use netdev_features_t instead of u32
sctp: not allow transport timeout value less than HZ/5 for hb_timer
qed: Fix mask for physical address in ILT entry
packet: fix reserve calculation
net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
net: phy: broadcom: Fix bcm_write_exp()
net/packet: refine check for priv area size
net: metrics: add proper netlink validation
net: ipv4: add missing RTA_TABLE to rtm_ipv4_policy
netdev-FAQ: clarify DaveM's position for stable backports
kcm: Fix use-after-free caused by clonned sockets
isdn: eicon: fix a missing-check bug
ipv6: omit traffic class when calculating flow hash
ipv4: remove warning in ip_recv_error
ipmr: properly check rhltable_init() return value
ip6_tunnel: remove magic mtu value 0xFFF8
ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
enic: set DMA mask to 47 bit
dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
bnx2x: use the right constant
be2net: Fix error detection logic for BE3
kconfig: Avoid format overflow warning from GCC 8.1
btrfs: define SUPER_FLAG_
mmap: relax file size limit for regular files
mmap: introduce sane default mmap limits
scsi: sd_zbc: Avoid that resetting a zone fails sporadically
CVE References
tags: added: kernel-stable-tracking-bug
description: updated
Changed in linux (Ubuntu Bionic):
assignee: nobody → Kamal Mostafa (kamalmostafa)
status: New → In Progress
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: cscc
Changed in linux (Ubuntu):
status: New → Invalid
This bug was fixed in the package linux - 4.15.0-36.39
---------------
linux (4.15.0-36.39) bionic; urgency=medium
* CVE-2018-14633
- iscsi target: Use hex2bin instead of a re-implementation
* CVE-2018-17182
- mm: get rid of vmacache_flush_all() entirely
linux (4.15.0-35.38) bionic; urgency=medium
* linux: 4.15.0-35.38 -proposed tracker (LP: #1791719)
* device hotplug of vfio devices can lead to deadlock in vfio_pci_release
(LP: #1792099)
- SAUCE: vfio -- release device lock before userspace requests
* L1TF mitigation not effective in some CPU and RAM combinations
(LP: #1788563)
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
- x86/speculation/l1tf: Fix off-by-one error when warning that system has too
much RAM
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
* CVE-2018-15594
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
* CVE-2017-5715 (Spectre v2 s390x)
- KVM: s390: implement CPU model only facilities
- s390: detect etoken facility
- KVM: s390: add etoken support for guests
- s390/lib: use expoline for all bcr instructions
- s390: fix br_r1_trampoline for machines without exrl
- SAUCE: s390: use expoline thunks for all branches generated by the BPF JIT
* Ubuntu18.04.1: cpuidle: powernv: Fix promotion from snooze if next state
disabled (performance) (LP: #1790602)
- cpuidle: powernv: Fix promotion from snooze if next state disabled
* Watchdog CPU:19 Hard LOCKUP when kernel crash was triggered (LP: #1790636)
- powerpc: hard disable irqs in smp_send_stop loop
- powerpc: Fix deadlock with multiple calls to smp_send_stop
- powerpc: smp_send_stop do not offline stopped CPUs
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled
* Security fix: check if IOMMU page is contained in the pinned physical page
(LP: #1785675)
- vfio/spapr: Use IOMMU pageshift rather than pagesize
- KVM: PPC: Check if IOMMU page is contained in the pinned physical page
* Missing Intel GPU pci-id's (LP: #1789924)
- drm/i915/kbl: Add KBL GT2 sku
- drm/i915/whl: Introducing Whiskey Lake platform
- drm/i915/aml: Introducing Amber Lake platform
- drm/i915/cfl: Add a new CFL PCI ID.
* CVE-2018-15572
- x86/speculation: Protect against userspace-userspace spectreRSB
* Support Power Management for Thunderbolt Controller (LP: #1789358)
- thunderbolt: Handle NULL boot ACL entries properly
- thunderbolt: Notify userspace when boot_acl is changed
- thunderbolt: Use 64-bit DMA mask if supported by the platform
- thunderbolt: Do not unnecessarily call ICM get route
- thunderbolt: No need to take tb->lock in domain suspend/complete
- thunderbolt: Use correct ICM commands in system suspend
- thunderbolt: Add support for runtime PM
* random oopses on s390 systems using NVMe devices (LP: #1790480)
- s390/pci: fix out of bounds access during irq setup
* [Bionic] Spectre v4 mitigation (Speculative Store Bypass Disable) support
for arm64 using SMC firmware call to set a hardware chicken bit
(LP: #1787993) // CVE-2018...