Bug #1878544 “kernel NULL pointer dereference when plugging/unpl...” : Bugs : linux package : Ubuntu

Revision history for this message

Victor (vvaquero) wrote on 2020-05-14:

#1

Image capturing the full bug Edit (2.3 MiB, image/jpeg)
AlsaInfo.txt Edit (40.9 KiB, text/plain; charset="utf-8")
CRDA.txt Edit (2.8 KiB, text/plain; charset="utf-8")
CurrentDmesg.txt Edit (110.0 KiB, text/plain; charset="utf-8")
Dependencies.txt Edit (2.4 KiB, text/plain; charset="utf-8")
IwConfig.txt Edit (515 bytes, text/plain; charset="utf-8")
Lspci.txt Edit (11.3 KiB, text/plain; charset="utf-8")
Lspci-vt.txt Edit (1.3 KiB, text/plain; charset="utf-8")
Lsusb.txt Edit (791 bytes, text/plain; charset="utf-8")
Lsusb-t.txt Edit (1.2 KiB, text/plain; charset="utf-8")
Lsusb-v.txt Edit (48.5 KiB, text/plain; charset="utf-8")
ProcCpuinfo.txt Edit (10.2 KiB, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (1.3 KiB, text/plain; charset="utf-8")
ProcInterrupts.txt Edit (5.5 KiB, text/plain; charset="utf-8")
ProcModules.txt Edit (8.4 KiB, text/plain; charset="utf-8")
PulseList.txt Edit (27.3 KiB, text/plain; charset="utf-8")
RfKill.txt Edit (112 bytes, text/plain; charset="utf-8")
UdevDb.txt Edit (289.5 KiB, text/plain; charset="utf-8")
WifiSyslog.txt Edit (137.5 KiB, text/plain; charset="utf-8")

Revision history for this message

Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote on 2020-05-14: Status changed to Confirmed

#2

This change was made by a bot.

Changed in linux (Ubuntu):
status:	New → Confirmed

Revision history for this message

You-Sheng Yang (vicamo) wrote on 2020-05-14:

#3

https://bugzilla.redhat.com/show_bug.cgi?id=1785972
https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/commit/?id=0df9433fcae02215c8fd79690c134d535c7bb905 (landed in v5.7-rc3)

Revision history for this message

You-Sheng Yang (vicamo) wrote on 2020-05-14:

#4

Aforementioned commit is meant to fix 5f54a85db5df ("usb: typec: Make sure an alt mode exist before getting its partner"), which was landed in v5.2, so this should affects E/F/G/OEM-5.6.

koba (kobako) on 2020-05-14

Changed in linux (Ubuntu):
assignee:	nobody → koba (kobako)

Revision history for this message

koba (kobako) wrote on 2020-05-25:

#6

@Victor,
please install this kernel and verified whether issue is fixed.
1. Download files from https://people.canonical.com/~koba/linux-5.4.0-21.25Lp1878544ubuntu1.tar.xz
2. sudo dpkg -i *.deb
3. reboot
4. verify the issue.

Revision history for this message

Victor (vvaquero) wrote on 2020-06-04:

#7

Hi @koba,
After checking for a couple of hours, plugging and unplugging both power, hub, and USBs/HDMI in the hub, it seems to all work perfectly with that 0-21 version of the Kernel!!!

What would be the next steps? Would the fix be pushed to the latest kernel update soon?

Thank you for your help! Best

koba (kobako) on 2020-06-05

Changed in linux (Ubuntu):
status:	Confirmed → In Progress

Revision history for this message

Victor (vvaquero) wrote on 2020-06-06:

#9

@Koba,

I have tried with the latest generic kernel 5.4.0-33 but the problem still persists. Are you sure that the bug was corrected in v33?
Thank you for your time and help!

Revision history for this message

koba (kobako) wrote on 2020-06-08:

#10

@Victor,
Sorry, it's my fault. please wait the next released(>= 5.4.0-34)

AceLan Kao (acelankao) on 2020-06-12

Changed in linux-oem-osp1 (Ubuntu Bionic):
status:	New → Fix Committed
Changed in linux-oem-osp1 (Ubuntu):
status:	New → Invalid

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-07-01:

#11

Download full text (24.3 KiB)

This bug was fixed in the package linux-oem-osp1 - 5.0.0-1063.68

---------------
linux-oem-osp1 (5.0.0-1063.68) bionic; urgency=medium

* bionic/linux-oem-osp1: 5.0.0-1060.65 -proposed tracker (LP: #1882719)

* bionic/linux-oem-osp1: 5.0.0-1063.68 -proposed tracker (LP: #1884983)

  * kernel NULL pointer dereference when plugging/unpluggin USB-c (power or hub)
    (LP: #1878544)
    - usb: typec: altmode: Fix typec_altmode_get_partner sometimes returning an
      invalid pointer

  * audio card disappeared after suspend device during audio playback Edit
    (LP: #1882035)
    - ASoC: SOF: topology: set trigger order for FE DAI link

* tpm: fix TIS locality timeout problems (LP: #1881710)
- SAUCE: tpm: fix TIS locality timeout problems

  * Performing function level reset of AMD onboard USB and audio devices causes
    system lockup (LP: #1865988)
    - SAUCE: PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0
    - SAUCE: PCI: Avoid FLR for AMD Starship USB 3.0

  * Realtek 8723DE [10ec:d723] subsystem [10ec:d738] disconnects unsolicitedly
    when Bluetooth is paired: Reason: 23=IEEE8021X_FAILED (LP: #1878147)
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: Move driver IQK to set channel before
      association for 11N chip"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: fix rate for a while after being
      connected"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: No retry and report for auth and assoc"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: 8723d: Add coex support"
    - rtw88: add rtw_read8_mask and rtw_read16_mask
    - rtw88: add a debugfs entry to dump coex's info
    - rtw88: add a debugfs entry to enable/disable coex mechanism
    - rtw88: configure TX queue EDCA parameters
    - rtw88: 8723d: Add coex support
    - SAUCE: rtw88: coex: 8723d: set antanna control owner
    - SAUCE: rtw88: coex: 8723d: handle BT inquiry cases
    - SAUCE: rtw88: fix EAPOL 4-way failure by finish IQK earlier

  * Fix incorrect speed/duplex when I210 device is runtime suspended
    (LP: #1880656)
    - igb: Report speed and duplex as unknown when device is runtime suspended

[ Ubuntu: 5.0.0-56.60 ]

  * disco/linux: 5.0.0-56.60 -proposed tracker (LP: #1884984)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * bpf_get_stack from test_verifier in ubuntu_bpf failed on Bionic 5.0
    (LP: #1881263)
    - Revert "bpf: fix buggy r0 retval refinement for tracing helpers"
  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported
  * Disco update: upstream stable patchset 2020-06-04 (LP: #1882128)
    - x86/uaccess, ubsan: Fix UBSAN vs. SMAP
    - ubsan: build ubsan.c more conservatively
    - i2c: dev: Fix the race between the release of i2c_dev and cdev
    - KVM: SVM: Fix potential memory leak in svm_cpu_init()
    - riscv: set max_pfn to the PFN of the last page
    - ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
    - evm: Check also if *tfm is an error pointer in init_desc()
    - ima: Fix return value of ima_write_policy()
    - mtd: spinand: Propagate ECC information to the MTD structure
    - fix multiplication overflow in copy_fdtab...

This bug was fixed in the package linux-oem-osp1 - 5.0.0-1063.68

---------------
linux-oem-osp1 (5.0.0-1063.68) bionic; urgency=medium

* bionic/linux-oem-osp1: 5.0.0-1060.65 -proposed tracker (LP: #1882719)

* bionic/linux-oem-osp1: 5.0.0-1063.68 -proposed tracker (LP: #1884983)

* kernel NULL pointer dereference when plugging/unpluggin USB-c (power or hub)
    (LP: #1878544)
    - usb: typec: altmode: Fix typec_altmode_get_partner sometimes returning an
      invalid pointer

* audio card disappeared after suspend device during audio playback Edit
    (LP: #1882035)
    - ASoC: SOF: topology: set trigger order for FE DAI link

* tpm: fix TIS locality timeout problems (LP: #1881710)
    - SAUCE: tpm: fix TIS locality timeout problems

* Performing function level reset of AMD onboard USB and audio devices causes
    system lockup (LP: #1865988)
    - SAUCE: PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0
    - SAUCE: PCI: Avoid FLR for AMD Starship USB 3.0

* Realtek 8723DE [10ec:d723] subsystem [10ec:d738]  disconnects unsolicitedly
    when Bluetooth is paired: Reason: 23=IEEE8021X_FAILED (LP: #1878147)
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: Move driver IQK to set channel before
      association for 11N chip"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: fix rate for a while after being
      connected"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: No retry and report for auth and assoc"
    - SAUCE: Revert "UBUNTU: SAUCE: rtw88: 8723d: Add coex support"
    - rtw88: add rtw_read8_mask and rtw_read16_mask
    - rtw88: add a debugfs entry to dump coex's info
    - rtw88: add a debugfs entry to enable/disable coex mechanism
    - rtw88: configure TX queue EDCA parameters
    - rtw88: 8723d: Add coex support
    - SAUCE: rtw88: coex: 8723d: set antanna control owner
    - SAUCE: rtw88: coex: 8723d: handle BT inquiry cases
    - SAUCE: rtw88: fix EAPOL 4-way failure by finish IQK earlier

* Fix incorrect speed/duplex when I210 device is runtime suspended
    (LP: #1880656)
    - igb: Report speed and duplex as unknown when device is runtime suspended

[ Ubuntu: 5.0.0-56.60 ]

* disco/linux: 5.0.0-56.60 -proposed tracker (LP: #1884984)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * bpf_get_stack from test_verifier in ubuntu_bpf failed on Bionic 5.0
    (LP: #1881263)
    - Revert "bpf: fix buggy r0 retval refinement for tracing helpers"
  * CVE-2020-0543
    - UBUNTU/SAUCE: x86/speculation/srbds: do not try to turn mitigation off when
      not supported
  * Disco update: upstream stable patchset 2020-06-04 (LP: #1882128)
    - x86/uaccess, ubsan: Fix UBSAN vs. SMAP
    - ubsan: build ubsan.c more conservatively
    - i2c: dev: Fix the race between the release of i2c_dev and cdev
    - KVM: SVM: Fix potential memory leak in svm_cpu_init()
    - riscv: set max_pfn to the PFN of the last page
    - ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
    - evm: Check also if *tfm is an error pointer in init_desc()
    - ima: Fix return value of ima_write_policy()
    - mtd: spinand: Propagate ECC information to the MTD structure
    - fix multiplication overflow in copy_fdtable()
    - ubifs: remove broken lazytime support
    - iommu/amd: Fix over-read of ACPI UID from IVRS table
    - i2c: mux: demux-pinctrl: Fix an error handling path in
      'i2c_demux_pinctrl_probe()'
    - ubi: Fix seq_file usage in detailed_erase_block_info debugfs file
    - gcc-common.h: Update for GCC 10
    - HID: multitouch: add eGalaxTouch P80H84 support
    - HID: alps: Add AUI1657 device ID
    - HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead
    - scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV
    - scsi: qla2xxx: Delete all sessions before unregister local nvme port
    - configfs: fix config_item refcnt leak in configfs_rmdir()
    - vhost/vsock: fix packet delivery order to monitoring devices
    - aquantia: Fix the media type of AQC100 ethernet controller in the driver
    - component: Silence bind error on -EPROBE_DEFER
    - scsi: ibmvscsi: Fix WARN_ON during event pool release
    - HID: i2c-hid: reset Synaptics SYNA2393 on resume
    - x86/apic: Move TSC deadline timer debug printk
    - gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
    - HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock
    - ceph: fix double unlock in handle_cap_export()
    - stmmac: fix pointer check after utilization in stmmac_interrupt
    - USB: core: Fix misleading driver bug report
    - platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
    - ARM: futex: Address build warning
    - padata: Replace delayed timer with immediate workqueue in padata_reorder
    - padata: initialize pd->cpu with effective cpumask
    - padata: purge get_cpu and reorder_via_wq from padata_do_serial
    - ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio
      option
    - ALSA: pcm: fix incorrect hw_base increase
    - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme
    - ALSA: hda/realtek - Add more fixup entries for Clevo machines
    - drm/etnaviv: fix perfmon domain interation
    - apparmor: fix potential label refcnt leak in aa_change_profile
    - apparmor: Fix aa_label refcnt leak in policy_update
    - dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
    - dmaengine: owl: Use correct lock in owl_dma_get_pchan()
    - drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance.
    - powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE
    - powerpc/64s: Disable STRICT_KERNEL_RWX
    - nfit: Add Hyper-V NVDIMM DSM command set to white list
    - libnvdimm/btt: Remove unnecessary code in btt_freelist_init
    - libnvdimm/btt: Fix LBA masking during 'free list' population
    - staging: most: core: replace strcpy() by strscpy()
    - thunderbolt: Drop duplicated get_switch_at_route()
    - media: fdp1: Fix R-Car M3-N naming in debug message
    - Revert "net/ibmvnic: Fix EOI when running in XIVE mode"
    - Revert "gfs2: Don't demote a glock until its revokes are written"
    - staging: iio: ad2s1210: Fix SPI reading
    - staging: greybus: Fix uninitialized scalar variable
    - iio: sca3000: Remove an erroneous 'get_device()'
    - iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()'
    - misc: rtsx: Add short delay after exit from ASPM
    - mei: release me_cl object reference
    - ipack: tpci200: fix error return code in tpci200_register()
    - rapidio: fix an error in get_user_pages_fast() error handling
    - rxrpc: Fix a memory leak in rxkad_verify_response()
    - x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks
    - iio: adc: stm32-adc: Use dma_request_chan() instead
      dma_request_slave_channel()
    - iio: adc: stm32-adc: fix device used to request dma
    - iio: adc: stm32-dfsdm: Use dma_request_chan() instead
      dma_request_slave_channel()
    - iio: adc: stm32-dfsdm: fix device used to request dma
    - rxrpc: Trace discarded ACKs
    - rxrpc: Fix ack discard
    - ubifs: fix wrong use of crypto_shash_descsize()
    - i2c: fix missing pm_runtime_put_sync in i2c_device_probe
    - evm: Fix a small race in init_desc()
    - afs: Don't unlock fetched data pages until the op completes successfully
    - mtd: Fix mtd not registered due to nvmem name collision
    - net/ena: Fix build warning in ena_xdp_set()
    - x86/mm/cpa: Flush direct map alias during cpa
    - ibmvnic: Skip fatal error reset after passive init
    - iommu/amd: Call domain_flush_complete() in update_domain()
    - drm/amd/display: Prevent dpcd reads with passive dongles
    - KVM: selftests: Fix build for evmcs.h
    - ALSA: hda - constify and cleanup static NodeID tables
    - ALSA: hda: patch_realtek: fix empty macro usage in if block
    - ALSA: hda/realtek - Add supported new mute Led for HP
    - ALSA: hda/realtek - Add HP new mute led supported for ALC236
    - ALSA: hda/realtek: Add quirk for Samsung Notebook
    - ALSA: hda/realtek - Enable headset mic of ASUS GL503VM with ALC295
    - ALSA: hda/realtek - Enable headset mic of ASUS UX550GE with ALC295
    - ALSA: hda/realtek: Enable headset mic of ASUS UX581LV with ALC295
    - scsi: target: Put lun_ref at end of tmr processing
    - dmaengine: dmatest: Restore default for channel
    - kasan: disable branch tracing for core runtime
  * Disco update: upstream stable patchset 2020-05-29 (LP: #1881352)
    - net: dsa: Do not make user port errors fatal
    - shmem: fix possible deadlocks on shmlock_user_lock
    - net/sonic: Fix a resource leak in an error handling path in
      'jazz_sonic_probe()'
    - net: moxa: Fix a potential double 'free_irq()'
    - drop_monitor: work around gcc-10 stringop-overflow warning
    - virtio-blk: handle block_device_operations callbacks after hot unplug
    - scsi: sg: add sg_remove_request in sg_write
    - mmc: sdhci-acpi: Add SDHCI_QUIRK2_BROKEN_64_BIT_DMA for AMDI0040
    - net: fix a potential recursive NETDEV_FEAT_CHANGE
    - net: phy: fix aneg restart in phy_ethtool_set_eee
    - pppoe: only process PADT targeted at local interfaces
    - Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
    - tcp: fix error recovery in tcp_zerocopy_receive()
    - virtio_net: fix lockdep warning on 32 bit
    - hinic: fix a bug of ndo_stop
    - net: dsa: loop: Add module soft dependency
    - net: ipv4: really enforce backoff for redirects
    - netprio_cgroup: Fix unlimited memory leak of v2 cgroups
    - net: tcp: fix rx timestamp behavior for tcp_recvmsg
    - tcp: fix SO_RCVLOWAT hangs with fat skbs
    - riscv: fix vdso build with lld
    - dmaengine: pch_dma.c: Avoid data race between probe and irq handler
    - dmaengine: mmp_tdma: Reset channel error on release
    - cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once
    - ALSA: hda/hdmi: fix race in monitor detection during probe
    - drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
    - ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
    - gfs2: Another gfs2_walk_metadata fix
    - pinctrl: baytrail: Enable pin configuration setting for GPIO chip
    - pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler
    - i40iw: Fix error handling in i40iw_manage_arp_cache()
    - mmc: core: Check request type before completing the request
    - mmc: block: Fix request completion in the CQE timeout path
    - NFS: Fix fscache super_cookie index_key from changing after umount
    - nfs: fscache: use timespec64 in inode auxdata
    - NFSv4: Fix fscache cookie aux_data to ensure change_attr is included
    - netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
    - arm64: fix the flush_icache_range arguments in machine_kexec
    - netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start()
    - IB/mlx4: Test return value of calls to ib_get_cached_pkey
    - hwmon: (da9052) Synchronize access with mfd
    - pnp: Use list_for_each_entry() instead of open coding
    - gcc-10 warnings: fix low-hanging fruit
    - kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
    - Stop the ad-hoc games with -Wno-maybe-initialized
    - gcc-10: disable 'zero-length-bounds' warning for now
    - gcc-10: disable 'array-bounds' warning for now
    - gcc-10: disable 'stringop-overflow' warning for now
    - gcc-10: disable 'restrict' warning for now
    - gcc-10: avoid shadowing standard library 'free()' in crypto
    - ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
    - ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
    - ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset
    - usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B
    - usb: host: xhci-plat: keep runtime active when removing host
    - usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list
    - ARM: dts: dra7: Fix bus_dma_limit for PCIe
    - ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
    - cifs: fix leaked reference on requeued write
    - x86: Fix early boot crash on gcc-10, third try
    - x86/unwind/orc: Fix error handling in __unwind_start()
    - exec: Move would_dump into flush_old_exec
    - clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks
    - dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg()
    - usb: gadget: net2272: Fix a memory leak in an error handling path in
      'net2272_plat_probe()'
    - usb: gadget: audio: Fix a missing error return value in audio_bind()
    - usb: gadget: legacy: fix error return code in gncm_bind()
    - usb: gadget: legacy: fix error return code in cdc_bind()
    - clk: Unlink clock if failed to prepare or enable
    - arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328
      boards
    - arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy
    - ARM: dts: r8a73a4: Add missing CMT1 interrupts
    - arm64: dts: renesas: r8a77980: Fix IPMMU VIP[01] nodes
    - ARM: dts: r8a7740: Add missing extal2 to CPG node
    - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
    - Makefile: disallow data races on gcc-10 as well
    - KVM: arm: vgic: Synchronize the whole guest on GIC{D,R}_I{S,C}ACTIVER read
    - ftrace/selftests: workaround cgroup RT scheduling issues
    - net_sched: fix tcm_parent in tc filter dump
    - dpaa2-eth: prevent array underflow in update_cls_rule()
    - nfp: abm: fix error return code in nfp_abm_vnic_alloc()
    - r8169: re-establish support for RTL8401 chip version
    - umh: fix memory leak on execve failure
    - dmaengine: mmp_tdma: Do not ignore slave config validation errors
    - selftests/ftrace: Check the first record for kprobe_args_type.tc
    - drm/amdgpu: simplify padding calculations (v2)
    - IB/hfi1: Fix another case where pq is left on waitlist
    - pinctrl: sunrisepoint: Fix PAD lock register offset for SPT-H
    - pinctrl: qcom: fix wrong write in update_dual_edge
    - bpf: Fix error return code in map_lookup_and_delete_elem()
    - bpf, sockmap: msg_pop_data can incorrecty set an sge length
    - bpf, sockmap: bpf_tcp_ingress needs to subtract bytes from sg.size
    - mmc: alcor: Fix a resource leak in the error path for ->probe()
    - mmc: core: Fix recursive locking issue in CQE recovery path
    - nfs: fix NULL deference in nfs4_get_valid_delegation
    - netfilter: nft_set_rbtree: Add missing expired checks
    - s390/ism: fix error return code in ism_probe()
    - NFSv3: fix rpc receive buffer size for MOUNT call
    - net/rds: Use ERR_PTR for rds_message_alloc_sgs()
    - usb: usbfs: correct kernel->user page attribute mismatch
    - ALSA: hda/realtek - Add COEF workaround for ASUS ZenBook UX431DA
    - Make the "Reducing compressed framebufer size" message be DRM_INFO_ONCE()
    - fanotify: fix merging marks masks with FAN_ONDIR
    - bpf: Fix sk_psock refcnt leak when receiving message
  * upgrading to 4.15.0-99-generic breaks the sound and the trackpad
    (LP: #1875916) // Disco update: upstream stable patchset 2020-05-29
    (LP: #1881352)
    - Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
  * Pop sound from build-in speaker during cold boot and resume from S3
    (LP: #1866357) // Disco update: upstream stable patchset 2020-05-29
    (LP: #1881352)
    - ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse
  * Disco update: upstream stable patchset 2020-05-22 (LP: #1880237)
    - USB: serial: qcserial: Add DW5816e support
    - tracing/kprobes: Fix a double initialization typo
    - vt: fix unicode console freeing with a common interface
    - dp83640: reverse arguments to list_add_tail
    - fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
    - net: macsec: preserve ingress frame ordering
    - net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
    - net_sched: sch_skbprio: add message validation to skbprio_change()
    - net: usb: qmi_wwan: add support for DW5816e
    - sch_choke: avoid potential panic in choke_reset()
    - sch_sfq: validate silly quantum values
    - tipc: fix partial topology connection closure
    - bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features().
    - net/mlx5: Fix forced completion access non initialized command entry
    - net/mlx5: Fix command entry leak in Internal Error State
    - bnxt_en: Improve AER slot reset.
    - bnxt_en: Fix VF anti-spoof filter setup.
    - net: stricter validation of untrusted gso packets
    - HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices
    - sctp: Fix bundling of SHUTDOWN with COOKIE-ACK
    - HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
    - USB: uas: add quirk for LaCie 2Big Quadra
    - USB: serial: garmin_gps: add sanity checking for data length
    - tracing: Add a vmalloc_sync_mappings() for safe measure
    - KVM: arm: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER
    - KVM: arm64: Fix 32bit PC wrap-around
    - arm64: hugetlb: avoid potential NULL dereference
    - mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous()
    - staging: gasket: Check the return value of gasket_get_bar_index()
    - coredump: fix crash when umh is disabled
    - batman-adv: fix batadv_nc_random_weight_tq
    - batman-adv: Fix refcnt leak in batadv_show_throughput_override
    - batman-adv: Fix refcnt leak in batadv_store_throughput_override
    - batman-adv: Fix refcnt leak in batadv_v_ogm_process
    - x86/entry/64: Fix unwind hints in register clearing code
    - x86/entry/64: Fix unwind hints in kernel exit path
    - x86/entry/64: Fix unwind hints in rewind_stack_do_exit()
    - x86/unwind/orc: Don't skip the first frame for inactive tasks
    - x86/unwind/orc: Prevent unwinding before ORC initialization
    - x86/unwind/orc: Fix error path for bad ORC entry type
    - x86/unwind/orc: Fix premature unwind stoppage due to IRET frames
    - netfilter: nat: never update the UDP checksum when it's 0
    - netfilter: nf_osf: avoid passing pointer to local var
    - objtool: Fix stack offset tracking for indirect CFAs
    - scripts/decodecode: fix trapping instruction formatting
    - ipc/mqueue.c: change __do_notify() to bypass check_kill_permission()
    - drm/amdgpu: move kfd suspend after ip_suspend_phase1
    - drm/amdgpu: drop redundant cg/pg ungate on runpm enter
    - tty: xilinx_uartps: Fix missing id assignment to the console
    - devlink: fix return value after hitting end in region read
    - neigh: send protocol value in neighbor create notification
    - net: tc35815: Fix phydev supported/advertising mask
    - net/tls: Fix sk_psock refcnt leak in bpf_exec_tx_verdict()
    - net/tls: Fix sk_psock refcnt leak when in tls_data_ready()
    - nfp: abm: fix a memory leak bug
    - tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040
    - bnxt_en: Reduce BNXT_MSIX_VEC_MAX value to supported CQs per PF.
    - bnxt_en: Return error when allocating zero size context memory.
    - HID: wacom: Report 2nd-gen Intuos Pro S center button status over BT
    - crypto: arch/nhpoly1305 - process in explicit 4k chunks
    - mm: limit boost_watermark on small zones
    - KVM: x86: Fixes posted interrupt check for IRQs delivery modes
    - mm, memcg: fix error return value of mem_cgroup_css_alloc()
  * Disco update: upstream stable patchset 2020-05-20 (LP: #1879793)
    - vhost: vsock: kick send_pkt worker once device is started
    - powerpc/pci/of: Parse unassigned resources
    - ASoC: topology: Check return value of pcm_new_ver
    - selftests/ipc: Fix test failure seen after initial test run
    - ASoC: sgtl5000: Fix VAG power-on handling
    - usb: dwc3: gadget: Properly set maxpacket limit
    - ASoC: rsnd: Fix parent SSI start/stop in multi-SSI mode
    - ASoC: rsnd: Fix HDMI channel mapping for multi-SSI mode
    - ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry
    - drm/amdgpu: Correctly initialize thermal controller for GPUs with Powerplay
      table v0 (e.g Hawaii)
    - wimax/i2400m: Fix potential urb refcnt leak
    - net: stmmac: fix enabling socfpga's ptp_ref_clock
    - net: stmmac: Fix sub-second increment
    - ASoC: rsnd: Don't treat master SSI in multi SSI setup as parent
    - ASoC: rsnd: Fix "status check failed" spam for multi-SSI
    - cifs: protect updating server->dstaddr with a spinlock
    - scripts/config: allow colons in option strings for sed
    - lib/mpi: Fix building for powerpc with clang
    - net: bcmgenet: suppress warnings on failed Rx SKB allocations
    - net: systemport: suppress warnings on failed Rx SKB allocations
    - sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
    - drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event
    - hexagon: clean up ioremap
    - hexagon: define ioremap_uc
    - ALSA: hda: Match both PCI ID and SSID for driver blacklist
    - platform/x86: GPD pocket fan: Fix error message when temp-limits are out of
      range
    - mac80211: add ieee80211_is_any_nullfunc()
    - cgroup, netclassid: remove double cond_resched
    - ASoC: topology: Check return value of soc_tplg_create_tlv
    - ASoC: topology: Check return value of soc_tplg_*_create
    - ASoC: topology: Check return value of soc_tplg_dai_config
    - cifs: do not share tcons with DFS
    - udp: document udp_rcv_segment special case for looped packets
    - PM / devfreq: Add missing locking while setting suspend_freq
  * Disco update: upstream stable patchset 2020-05-18 (LP: #1879384)
    - drm/edid: Fix off-by-one in DispID DTD pixel clock
    - drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
    - drm/qxl: qxl_release leak in qxl_hw_surface_alloc()
    - drm/qxl: qxl_release use after free
    - btrfs: fix block group leak when removing fails
    - ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter
    - ALSA: usb-audio: Correct a typo of NuPrime DAC-10 USB ID
    - ALSA: hda/hdmi: fix without unlocked before return
    - ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
    - PM: ACPI: Output correct message on target power state
    - PM: hibernate: Freeze kernel threads in software_resume()
    - dm verity fec: fix hash block number in verity_fec_decode
    - dm writecache: fix data corruption when reloading the target
    - dm multipath: use updated MPATHF_QUEUE_IO on mapping for bio-based mpath
    - scsi: qla2xxx: set UNLOADING before waiting for session deletion
    - scsi: qla2xxx: check UNLOADING before posting async work
    - RDMA/mlx5: Set GRH fields in query QP on RoCE
    - RDMA/mlx4: Initialize ib_spec on the stack
    - RDMA/core: Prevent mixed use of FDs between shared ufiles
    - RDMA/core: Fix race between destroy and release FD object
    - vfio: avoid possible overflow in vfio_iommu_type1_pin_pages
    - vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
    - iommu/qcom: Fix local_base status check
    - scsi: target/iblock: fix WRITE SAME zeroing
    - iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system
    - ALSA: opti9xx: shut up gcc-10 range warning
    - nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl
    - dmaengine: dmatest: Fix iteration non-stop logic
    - selinux: properly handle multiple messages in selinux_netlink_send()
    - btrfs: fix partial loss of prealloc extent past i_size after fsync
    - btrfs: transaction: Avoid deadlock due to bad initialization timing of
      fs_info::journal_info
    - mmc: cqhci: Avoid false "cqhci: CQE stuck on" by not open-coding timeout
      loop
    - mmc: sdhci-xenon: fix annoying 1.8V regulator warning
    - mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers
    - mmc: sdhci-msm: Enable host capabilities pertains to R1b response
    - mmc: meson-mx-sdio: Set MMC_CAP_WAIT_WHILE_BUSY
    - mmc: meson-mx-sdio: remove the broken ->card_busy() op
    - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION
    - ALSA: line6: Fix POD HD500 audio playback
    - i2c: amd-mp2-pci: Fix Oops in amd_mp2_pci_init() error handling
    - dlmfs_file_write(): fix the bogosity in handling non-zero *ppos
    - ARM: dts: imx6qdl-sr-som-ti: indicate powering off wifi is safe
    - i2c: aspeed: Avoid i2c interrupt status clear race condition.
    - nvme: prevent double free in nvme_alloc_ns() error handling
    - dmaengine: dmatest: Fix process hang when reading 'wait' parameter
  * Slow send speed with Intel I219-V on Ubuntu 18.04.1 (LP: #1802691)
    - e1000e: Disable TSO for buffer overrun workaround
  * CVE-2020-10711
    - netlabel: cope with NULL catmap
  * CVE-2020-13143
    - USB: gadget: fix illegal array access in binding with UDC

-- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Fri, 26 Jun 2020 15:23:59 -0300

Changed in linux-oem-osp1 (Ubuntu Bionic):
status:	Fix Committed → Fix Released

koba (kobako) on 2020-07-14

Changed in linux (Ubuntu):
status:	In Progress → Fix Committed
status:	Fix Committed → In Progress
status:	In Progress → Invalid
assignee:	koba (kobako) → nobody

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-08-12:

#12

Download full text (28.0 KiB)

This bug was fixed in the package linux-oem-osp1 - 5.0.0-1065.70

---------------
linux-oem-osp1 (5.0.0-1065.70) bionic; urgency=medium

* bionic/linux-oem-osp1: 5.0.0-1065.70 -proposed tracker (LP: #1887090)

[ Ubuntu: 5.0.0-58.62 ]

  * disco/linux: 5.0.0-58.62 -proposed tracker (LP: #1887094)
  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux-oem-osp1 (5.0.0-1064.69) bionic; urgency=medium

* bionic/linux-oem-osp1: 5.0.0-1064.69 -proposed tracker (LP: #1885656)

* Update lockdown patches (LP: #1884159)
- [Config] Update kexec signature config options

[ Ubuntu: 5.0.0-57.61 ]

  * disco/linux: 5.0.0-57.61 -proposed tracker (LP: #1885660)
  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc
  * Disco update: upstream stable patchset 2020-06-29 (LP: #1885629)
    - ipv6: fix IPV6_ADDRFORM operation logic
    - net_failover: fixed rollback in net_failover_open()
    - bridge: Avoid infinite loop when suppressing NS messages with invalid
      options
    - vxlan: Avoid infinite loop when suppressing NS messages with invalid options
    - tun: correct header offsets in napi frags mode
    - btrfs: Detect unbalanced tree with empty leaf before crashing btree
      operations
    - crypto: talitos - fix ECB and CBC algs ivsize
    - Input: mms114 - fix handling of mms345l
    - ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
    - sched/fair: Don't NUMA balance for kthreads
    - Input: synaptics - add a second working PNP_ID for Lenovo T470s
    - drivers/net/ibmvnic: Update VNIC protocol version reporting
    - powerpc/xive: Clear the page tables for the ESB IO mapping
    - ath9k_htc: Silence undersized packet warnings
    - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated
    - x86/cpu/amd: Make erratum #1054 a legacy erratum
    - perf probe: Accept the instance number of kretprobe event
    - mm: add kvfree_sensitive() for freeing sensitive data objects
    - aio: fix async fsync creds
    - x86_64: Fix jiffies ODR violation
    - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
    - x86/speculation: Prevent rogue cross-process SSBD shutdown
    - x86/reboot/quirks: Add MacBook6,1 reboot quirk
    - efi/efivars: Add missing kobject_put() in sysfs entry creation error path
    - ALSA: es1688: Add the missed snd_card_free()
    - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
    - ALSA: usb-audio: Fix inconsistent card PM state after resume
    - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt
      Dock
    - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
    - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
    - ACPI: GED: add support for _Exx / _Lxx handler methods
    - ACPI: PM: Avoid using power resources if there are none for D0
    - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
    - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
    - spi: dw: Fix controller unregister order
...

This bug was fixed in the package linux-oem-osp1 - 5.0.0-1065.70

---------------
linux-oem-osp1 (5.0.0-1065.70) bionic; urgency=medium

* bionic/linux-oem-osp1: 5.0.0-1065.70 -proposed tracker (LP: #1887090)

[ Ubuntu: 5.0.0-58.62 ]

* disco/linux: 5.0.0-58.62 -proposed tracker (LP: #1887094)
  * linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
    - SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"

linux-oem-osp1 (5.0.0-1064.69) bionic; urgency=medium

* bionic/linux-oem-osp1: 5.0.0-1064.69 -proposed tracker (LP: #1885656)

* Update lockdown patches (LP: #1884159)
    - [Config] Update kexec signature config options

[ Ubuntu: 5.0.0-57.61 ]

* disco/linux: 5.0.0-57.61 -proposed tracker (LP: #1885660)
  * seccomp_bpf fails on powerpc (LP: #1885757)
    - SAUCE: selftests/seccomp: fix ptrace tests on powerpc
  * Disco update: upstream stable patchset 2020-06-29 (LP: #1885629)
    - ipv6: fix IPV6_ADDRFORM operation logic
    - net_failover: fixed rollback in net_failover_open()
    - bridge: Avoid infinite loop when suppressing NS messages with invalid
      options
    - vxlan: Avoid infinite loop when suppressing NS messages with invalid options
    - tun: correct header offsets in napi frags mode
    - btrfs: Detect unbalanced tree with empty leaf before crashing btree
      operations
    - crypto: talitos - fix ECB and CBC algs ivsize
    - Input: mms114 - fix handling of mms345l
    - ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
    - sched/fair: Don't NUMA balance for kthreads
    - Input: synaptics - add a second working PNP_ID for Lenovo T470s
    - drivers/net/ibmvnic: Update VNIC protocol version reporting
    - powerpc/xive: Clear the page tables for the ESB IO mapping
    - ath9k_htc: Silence undersized packet warnings
    - RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated
    - x86/cpu/amd: Make erratum #1054 a legacy erratum
    - perf probe: Accept the instance number of kretprobe event
    - mm: add kvfree_sensitive() for freeing sensitive data objects
    - aio: fix async fsync creds
    - x86_64: Fix jiffies ODR violation
    - x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
    - x86/speculation: Prevent rogue cross-process SSBD shutdown
    - x86/reboot/quirks: Add MacBook6,1 reboot quirk
    - efi/efivars: Add missing kobject_put() in sysfs entry creation error path
    - ALSA: es1688: Add the missed snd_card_free()
    - ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
    - ALSA: usb-audio: Fix inconsistent card PM state after resume
    - ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt
      Dock
    - ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
    - ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
    - ACPI: GED: add support for _Exx / _Lxx handler methods
    - ACPI: PM: Avoid using power resources if there are none for D0
    - cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
    - nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
    - spi: dw: Fix controller unregister order
    - spi: bcm2835aux: Fix controller unregister order
    - spi: bcm-qspi: when tx/rx buffer is NULL set to 0
    - PM: runtime: clk: Fix clk_pm_runtime_get() error path
    - crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is
      fully iterated
    - ALSA: pcm: disallow linking stream to itself
    - x86/{mce,mm}: Unmap the entire page if the whole page is affected and
      poisoned
    - KVM: x86: Fix APIC page invalidation race
    - kvm: x86: Fix L1TF mitigation for shadow MMU
    - KVM: x86/mmu: Consolidate "is MMIO SPTE" code
    - KVM: x86: only do L1TF workaround on affected processors
    - x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced
      IBRS.
    - x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
    - spi: No need to assign dummy value in spi_unregister_controller()
    - spi: Fix controller unregister order
    - spi: pxa2xx: Fix controller unregister order
    - spi: bcm2835: Fix controller unregister order
    - spi: pxa2xx: Fix runtime PM ref imbalance on probe error
    - crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()
    - crypto: virtio: Fix src/dst scatterlist calculation in
      __virtio_crypto_skcipher_do_req()
    - crypto: virtio: Fix dest length calculation in
      __virtio_crypto_skcipher_do_req()
    - selftests/net: in rxtimestamp getopt_long needs terminating null entry
    - ovl: initialize error in ovl_copy_xattr
    - proc: Use new_inode not new_inode_pseudo
    - video: fbdev: w100fb: Fix a potential double free.
    - KVM: nSVM: fix condition for filtering async PF
    - KVM: nSVM: leave ASID aside in copy_vmcb_control_area
    - KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
    - KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
    - KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
    - KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
    - scsi: megaraid_sas: TM command refire leads to controller firmware crash
    - ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
    - ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
    - ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
    - ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
    - Smack: slab-out-of-bounds in vsscanf
    - drm/vkms: Hold gem object while still in-use
    - mm/slub: fix a memory leak in sysfs_slab_add()
    - fat: don't allow to mount if the FAT length == 0
    - perf: Add cond_resched() to task_function_call()
    - agp/intel: Reinforce the barrier after GTT updates
    - mmc: sdhci-msm: Clear tuning done flag while hs400 tuning
    - ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description
    - mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card()
    - xen/pvcalls-back: test for errors when calling backend_connect()
    - KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception
    - ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
    - drm: bridge: adv7511: Extend list of audio sample rates
    - crypto: ccp -- don't "select" CONFIG_DMADEVICES
    - media: si2157: Better check for running tuner in init
    - objtool: Ignore empty alternatives
    - spi: pxa2xx: Apply CS clk quirk to BXT
    - net: atlantic: make hw_get_regs optional
    - net: ena: fix error returning in ena_com_get_hash_function()
    - efi/libstub/x86: Work around LLVM ELF quirk build regression
    - arm64: cacheflush: Fix KGDB trap detection
    - spi: dw: Zero DMA Tx and Rx configurations on stack
    - arm64: insn: Fix two bugs in encoding 32-bit logical immediates
    - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
    - MIPS: Loongson: Build ATI Radeon GPU driver as module
    - Bluetooth: Add SCO fallback for invalid LMP parameters error
    - kgdb: Disable WARN_CONSOLE_UNLOCKED for all kgdb
    - kgdb: Prevent infinite recursive entries to the debugger
    - spi: dw: Enable interrupts in accordance with DMA xfer mode
    - clocksource: dw_apb_timer: Make CPU-affiliation being optional
    - clocksource: dw_apb_timer_of: Fix missing clockevent timers
    - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
    - ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
    - batman-adv: Revert "disable ethtool link speed detection when auto
      negotiation off"
    - mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error
    - spi: dw: Fix Rx-only DMA transfers
    - x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
    - net: vmxnet3: fix possible buffer overflow caused by bad DMA value in
      vmxnet3_get_rss()
    - staging: android: ion: use vmap instead of vm_map_ram
    - brcmfmac: fix wrong location to get firmware feature
    - tools api fs: Make xxx__mountpoint() more scalable
    - e1000: Distribute switch variables for initialization
    - dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
    - audit: fix a net reference leak in audit_send_reply()
    - media: dvb: return -EREMOTEIO on i2c transfer failure.
    - media: platform: fcp: Set appropriate DMA parameters
    - MIPS: Make sparse_init() using top-down allocation
    - Bluetooth: btbcm: Add 2 missing models to subver tables
    - audit: fix a net reference leak in audit_list_rules_send()
    - netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
    - selftests/bpf: Fix memory leak in extract_build_id()
    - net: bcmgenet: set Rx mode before starting netif
    - lib/mpi: Fix 64-bit MIPS build with Clang
    - exit: Move preemption fixup up, move blocking operations down
    - sched/core: Fix illegal RCU from offline CPUs
    - drivers/perf: hisi: Fix typo in events attribute array
    - net: lpc-enet: fix error return code in lpc_mii_init()
    - media: cec: silence shift wrapping warning in __cec_s_log_addrs()
    - net: allwinner: Fix use correct return type for ndo_start_xmit()
    - powerpc/spufs: fix copy_to_user while atomic
    - xfs: clean up the error handling in xfs_swap_extents
    - Crypto/chcr: fix for ccm(aes) failed test
    - MIPS: Truncate link address into 32bit for 32bit kernel
    - mips: cm: Fix an invalid error code of INTVN_*_ERR
    - kgdb: Fix spurious true from in_dbg_master()
    - xfs: reset buffer write failure state on successful completion
    - xfs: fix duplicate verification from xfs_qm_dqflush()
    - platform/x86: intel-vbtn: Use acpi_evaluate_integer()
    - platform/x86: intel-vbtn: Split keymap into buttons and switches parts
    - platform/x86: intel-vbtn: Do not advertise switches to userspace if they are
      not there
    - platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and
      "Portable" chassis-types
    - nvme: refine the Qemu Identify CNS quirk
    - ath10k: Remove msdu from idr when management pkt send fails
    - wcn36xx: Fix error handling path in 'wcn36xx_probe()'
    - net: qed*: Reduce RX and TX default ring count when running inside kdump
      kernel
    - mt76: avoid rx reorder buffer overflow
    - md: don't flush workqueue unconditionally in md_open
    - veth: Adjust hard_start offset on redirect XDP frames
    - net/mlx5e: IPoIB, Drop multicast packets that this interface sent
    - rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
    - mwifiex: Fix memory corruption in dump_station
    - x86/boot: Correct relocation destination on old linkers
    - mips: MAAR: Use more precise address mask
    - mips: Add udelay lpj numbers adjustment
    - crypto: stm32/crc32 - fix ext4 chksum BUG_ON()
    - crypto: stm32/crc32 - fix run-time self test issue.
    - crypto: stm32/crc32 - fix multi-instance
    - x86/mm: Stop printing BRK addresses
    - m68k: mac: Don't call via_flush_cache() on Mac IIfx
    - btrfs: qgroup: mark qgroup inconsistent if we're inherting snapshot to a new
      qgroup
    - macvlan: Skip loopback packets in RX handler
    - PCI: Don't disable decoding when mmio_always_on is set
    - MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
    - bcache: fix refcount underflow in bcache_device_free()
    - mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk
    - staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core
    - mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core
    - ixgbe: fix signed-integer-overflow warning
    - mmc: sdhci-esdhc-imx: fix the mask for tuning start point
    - spi: dw: Return any value retrieved from the dma_transfer callback
    - cpuidle: Fix three reference count leaks
    - platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
    - platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015)
    - platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop"
      chasis-type
    - string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
    - btrfs: include non-missing as a qualifier for the latest_bdev
    - btrfs: send: emit file capabilities after chown
    - mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
    - mm: initialize deferred pages with interrupts enabled
    - ima: Fix ima digest hash table key calculation
    - ima: Directly assign the ima_default_policy pointer to ima_rules
    - evm: Fix possible memory leak in evm_calc_hmac_or_hash()
    - ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
    - ext4: fix error pointer dereference
    - ext4: fix race between ext4_sync_parent() and rename()
    - PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect
    - PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0
    - PCI: Avoid FLR for AMD Starship USB 3.0
    - PCI: Add ACS quirk for iProc PAXB
    - PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
    - PCI: Move Rohm Vendor ID to generic list
    - misc: pci_endpoint_test: Add the layerscape EP device support
    - misc: pci_endpoint_test: Add support to test PCI EP in AM654x
    - PCI: Add Synopsys endpoint EDDA Device ID
    - PCI: Add NVIDIA GPU multi-function power dependencies
    - PCI: mediatek: Add controller support for MT7629
    - ALSA: lx6464es - add support for LX6464ESe pci express variant
    - PCI: Add Genesys Logic, Inc. Vendor ID
    - PCI: Add Amazon's Annapurna Labs vendor ID
    - PCI: vmd: Add device id for VMD device 8086:9A0B
    - x86/amd_nb: Add Family 19h PCI IDs
    - PCI: Add Loongson vendor ID
    - serial: 8250_pci: Move Pericom IDs to pci_ids.h
    - PCI: Generalize multi-function power dependency device links
    - btrfs: fix error handling when submitting direct I/O bio
    - btrfs: fix wrong file range cleanup after an error filling dealloc range
    - ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()
    - PCI: Program MPS for RCiEP devices
    - e1000e: Relax condition to trigger reset for ME workaround
    - carl9170: remove P2P_GO support
    - media: go7007: fix a miss of snd_card_free
    - Bluetooth: hci_bcm: fix freeing not-requested IRQ
    - b43legacy: Fix case where channel status is corrupted
    - b43: Fix connection problem with WPA3
    - b43_legacy: Fix connection problem with WPA3
    - media: ov5640: fix use of destroyed mutex
    - igb: Report speed and duplex as unknown when device is runtime suspended
    - power: vexpress: add suppress_bind_attrs to true
    - pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210
    - pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
    - gnss: sirf: fix error return code in sirf_probe()
    - sparc32: fix register window handling in genregs32_[gs]et()
    - sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
    - dm crypt: avoid truncating the logical block size
    - alpha: fix memory barriers so that they conform to the specification
    - kernel/cpu_pm: Fix uninitted local in cpu_pm
    - ARM: tegra: Correct PL310 Auxiliary Control Register initialization
    - ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus
    - ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin
    - ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries
    - drivers/macintosh: Fix memleak in windfarm_pm112 driver
    - powerpc/64s: Don't let DT CPU features set FSCR_DSCR
    - powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
    - kbuild: force to build vmlinux if CONFIG_MODVERSION=y
    - sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate
      registrations.
    - sunrpc: clean up properly in gss_mech_unregister()
    - mtd: rawnand: brcmnand: fix hamming oob layout
    - mtd: rawnand: pasemi: Fix the probe error path
    - w1: omap-hdq: cleanup to add missing newline for some dev_dbg
    - perf probe: Do not show the skipped events
    - perf probe: Fix to check blacklist address correctly
    - perf probe: Check address correctness by map instead of _etext
    - perf symbols: Fix debuginfo search for Ubuntu
    - elfnote: mark all .note sections SHF_ALLOC
    - csky: Fixup abiv2 syscall_trace break a4 & a5
    - spi: dw: Fix native CS being unset
    - PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay
    - fanotify: fix ignore mask logic for events on child and on dir
    - KVM: x86: respect singlestep when emulating instruction
    - ASoC: max9867: fix volume controls
    - arm64: acpi: fix UBSAN warning
    - crypto: algapi - Avoid spurious modprobe on LOADED
    - firmware: imx: warn on unexpected RX
    - firmware: imx-scu: Support one TX and one RX
    - firmware: imx: scu: Fix corruption of header
    - dccp: Fix possible memleak in dccp_init and dccp_fini
    - video: vt8500lcdfb: fix fallthrough warning
    - mmc: mmci_sdmmc: fix DMA API warning overlapping mappings
    - mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe()
    - block/floppy: fix contended case in floppy_queue_rq()
  * Disco update: upstream stable patchset 2020-06-22 (LP: #1884581)
    - devinet: fix memleak in inetdev_init()
    - l2tp: add sk_family checks to l2tp_validate_socket
    - l2tp: do not use inet_hash()/inet_unhash()
    - net: usb: qmi_wwan: add Telit LE910C1-EUX composition
    - NFC: st21nfca: add missed kfree_skb() in an error path
    - vsock: fix timeout in vsock_accept()
    - net: check untrusted gso_size at kernel entry
    - USB: serial: qcserial: add DW5816e QDL support
    - USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
    - USB: serial: option: add Telit LE910C1-EUX compositions
    - iio: vcnl4000: Fix i2c swapped word reading.
    - usb: musb: start session in resume for host port
    - usb: musb: Fix runtime PM imbalance on error
    - vt: keyboard: avoid signed integer overflow in k_ascii
    - tty: hvc_console, fix crashes on parallel open/close
    - staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
    - CDC-ACM: heed quirk also in error handling
    - nvmem: qfprom: remove incorrect write support
    - uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly
      aligned
    - Revert "net/mlx5: Annotate mutex destroy for root ns"
    - net: be more gentle about silly gso requests coming from user
    - USB: serial: ch341: add basis for quirk detection
  * Disco update: upstream stable patchset 2020-06-16 (LP: #1883773)
    - Revert "cgroup: Add memory barriers to plug cgroup_rstat_updated() race
      window"
    - libnvdimm: Fix endian conversion issues
    - HID: sony: Fix for broken buttons on DS3 USB dongles
    - HID: i2c-hid: add Schneider SCL142ALM to descriptor override
    - p54usb: add AirVasT USB stick device-id
    - mmc: fix compilation of user API
    - scsi: ufs: Release clock if DMA map fails
    - net: dsa: mt7530: set CPU port to fallback mode
    - airo: Fix read overflows sending packets
    - drm/i915: fix port checks for MST support on gen >= 11
    - powerpc/powernv: Avoid re-registration of imc debugfs directory
    - spi: dw: use "smp_mb()" to avoid sending spi data error
    - s390/ftrace: save traced function caller
    - ARC: Fix ICCM & DCCM runtime size checks
    - ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT
    - evm: Fix RCU list related warnings
    - i2c: altera: Fix race between xfer_msg and isr thread
    - x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables
    - net: bmac: Fix read of MAC address from ROM
    - drm/edid: Add Oculus Rift S to non-desktop list
    - s390/mm: fix set_huge_pte_at() for empty ptes
    - null_blk: return error for invalid zone size
    - net/ethernet/freescale: rework quiesce/activate for ucc_geth
    - net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x
    - net: smsc911x: Fix runtime PM imbalance on error
    - HID: multitouch: add support for the Smart Tech panel
    - HID: multitouch: enable multi-input as a quirk for some devices
    - mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter
    - media: staging: ipu3-imgu: Move alignment attribute to field
    - ASoC: intel - fix the card names
    - selftests: mlxsw: qos_mc_aware: Specify arping timeout as an integer
  * Disco update: upstream stable patchset 2020-06-10 (LP: #1883001)
    - ax25: fix setsockopt(SO_BINDTODEVICE)
    - dpaa_eth: fix usage as DSA master, try 3
    - net: dsa: mt7530: fix roaming from DSA user ports
    - __netif_receive_skb_core: pass skb by reference
    - net: inet_csk: Fix so_reuseport bind-address cache in tb->fast*
    - net: ipip: fix wrong address family in init error path
    - net/mlx5: Add command entry handling completion
    - net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
    - net: revert "net: get rid of an signed integer overflow in
      ip_idents_reserve()"
    - net sched: fix reporting the first-time use timestamp
    - r8152: support additional Microsoft Surface Ethernet Adapter variant
    - sctp: Don't add the shutdown timer if its already been added
    - sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and
      socket is closed
    - net/mlx5e: Update netdev txq on completions during closure
    - net/mlx5: Annotate mutex destroy for root ns
    - net: sun: fix missing release regions in cas_init_one().
    - net/mlx4_core: fix a memory leak bug.
    - mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload
      fails
    - ARM: dts: rockchip: fix phy nodename for rk3228-evb
    - arm64: dts: rockchip: fix status for &gmac2phy in rk3328-evb.dts
    - arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node
    - ARM: dts: rockchip: swap clock-names of gpu nodes
    - ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi
    - gpio: tegra: mask GPIO IRQs during IRQ shutdown
    - ALSA: usb-audio: add mapping for ASRock TRX40 Creator
    - net: microchip: encx24j600: add missed kthread_stop
    - gfs2: move privileged user check to gfs2_quota_lock_check
    - cachefiles: Fix race between read_waiter and read_copier involving op->to_do
    - usb: dwc3: pci: Enable extcon driver for Intel Merrifield
    - usb: gadget: legacy: fix redundant initialization warnings
    - net: freescale: select CONFIG_FIXED_PHY where needed
    - IB/i40iw: Remove bogus call to netdev_master_upper_dev_get()
    - riscv: stacktrace: Fix undefined reference to `walk_stackframe'
    - cifs: Fix null pointer check in cifs_read
    - samples: bpf: Fix build error
    - Input: usbtouchscreen - add support for BonXeon TP
    - Input: evdev - call input_flush_device() on release(), not flush()
    - Input: xpad - add custom init packet for Xbox One S controllers
    - Input: dlink-dir685-touchkeys - fix a typo in driver name
    - Input: i8042 - add ThinkPad S230u to i8042 reset list
    - Input: synaptics-rmi4 - really fix attn_data use-after-free
    - Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
    - ARM: 8970/1: decompressor: increase tag size
    - ARM: 8843/1: use unified assembler in headers
    - ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h
    - ARM: uaccess: integrate uaccess_save and uaccess_restore
    - ARM: uaccess: fix DACR mismatch with nested exceptions
    - gpio: exar: Fix bad handling for ida_simple_get error path
    - IB/qib: Call kobject_put() when kobject_init_and_add() fails
    - ARM: dts/imx6q-bx50v3: Set display interface clock parents
    - ARM: dts: bcm2835-rpi-zero-w: Fix led polarity
    - ARM: dts: bcm: HR2: Fix PPI interrupt types
    - mmc: block: Fix use-after-free issue for rpmb
    - RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
    - ALSA: hwdep: fix a left shifting 1 by 31 UB bug
    - ALSA: hda/realtek - Add a model for Thinkpad T570 without DAC workaround
    - ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
    - exec: Always set cap_ambient in cap_bprm_set_creds
    - ALSA: usb-audio: Quirks for Gigabyte TRX40 Aorus Master onboard audio
    - ALSA: hda/realtek - Add new codec supported for ALC287
    - libceph: ignore pool overlay and cache logic on redirects
    - IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode
    - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
    - fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
    - include/asm-generic/topology.h: guard cpumask_of_node() macro argument
    - iommu: Fix reference count leak in iommu_group_alloc.
    - parisc: Fix kernel panic in mem_init()
    - RDMA/core: Fix double destruction of uobject
    - mac80211: mesh: fix discovery timer re-arming issue / crash
    - x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
    - copy_xstate_to_kernel(): don't leave parts of destination uninitialized
    - xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
    - xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output
    - xfrm interface: fix oops when deleting a x-netns interface
    - xfrm: fix a warning in xfrm_policy_insert_list
    - xfrm: fix a NULL-ptr deref in xfrm_local_error
    - xfrm: fix error in comment
    - vti4: eliminated some duplicate code.
    - ip_vti: receive ipip packet by calling ip_tunnel_rcv
    - netfilter: nft_reject_bridge: enable reject with bridge vlan
    - netfilter: ipset: Fix subcounter update skip
    - netfilter: nfnetlink_cthelper: unbreak userspace helper support
    - netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
    - esp6: get the right proto for transport mode in esp6_gso_encap
    - bnxt_en: Fix accumulation of bp->net_stats_prev.
    - xsk: Add overflow check for u64 division, stored into u32
    - qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
    - crypto: chelsio/chtls: properly set tp->lsndtime
    - bonding: Fix reference count leak in bond_sysfs_slave_add.
    - netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
    - mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()
    - net: don't return invalid table id error when we fall back to PF_UNSPEC
    - net: ethernet: ti: cpsw: fix ASSERT_RTNL() warning during suspend
    - net: mvpp2: fix RX hashing for non-10G ports
    - tls: Fix recvmsg() to be able to peek across multiple records
    - net/tls: fix race condition causing kernel panic
    - net/mlx5e: Fix inner tirs handling
    - net/tls: fix encryption error checking
    - net/tls: free record only on encryption error
    - gfs2: Grab glock reference sooner in gfs2_add_revoke
    - usb: phy: twl6030-usb: Fix a resource leak in an error handling path in
      'twl6030_usb_probe()'
    - clk: ti: am33xx: fix RTC clock parent
    - csky: Fixup remove duplicate irq_disable
    - csky: Fixup raw_copy_from_user()
    - soc: mediatek: cmdq: return send msg error code
    - Revert "block: end bio with BLK_STS_AGAIN in case of non-mq devs and
      REQ_NOWAIT"
    - gpio: fix locking open drain IRQ lines
    - xfrm: remove the xfrm_state_put call becofe going to out_reset
    - ieee80211: Fix incorrect mask for default PE duration
    - perf: Make perf able to build with latest libbfd
  * Update lockdown patches (LP: #1884159)
    - SAUCE: (efi-lockdown) kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and
      KEXEC_SIG_FORCE
    - SAUCE: (efi-lockdown) kexec_file: Restrict at runtime if the kernel is
      locked down
    - [Config] Update kexec signature config options
    - efi/efi_test: Lock down /dev/efi_test and require CAP_SYS_ADMIN
    - efi: Restrict efivar_ssdt_load when the kernel is locked down
    - powerpc/xmon: add read-only mode
    - powerpc/xmon: Restrict when kernel is locked down
    - SAUCE: acpi: disallow loading configfs acpi tables when locked down
    - [Config] CONFIG_XMON_DEFAULT_RO_MODE=y
  * CVE-2020-10757
    - mm: Fix mremap not considering huge pmd devmap
  * CVE-2020-11935
    - SAUCE: aufs: do not call i_readcount_inc()
    - SAUCE: aufs: bugfix, IMA i_readcount
  * apparmor reference leak causes refcount_t overflow with af_alg_accept()
    (LP: #1883962)
    - apparmor: check/put label on apparmor_sk_clone_security()
  * CVE-2019-16089
    - SAUCE: nbd_genl_status: null check for nla_nest_start
  * CVE-2019-19642
    - kernel/relay.c: handle alloc_percpu returning NULL in relay_open
  * CVE-2019-12380
    - efi/x86/Add missing error handling to old_memmap 1:1 mapping code

-- Stefan Bader <stefan.bader@canonical.com>  Tue, 14 Jul 2020 16:02:41 +0200

Changed in linux-oem-osp1 (Ubuntu):
status:	Invalid → Fix Released

	Status	Importance	Assigned to
linux (Ubuntu)	Invalid	Undecided	Unassigned
Bionic	New	Undecided	Unassigned
linux-oem-osp1 (Ubuntu)	Fix Released	Undecided	Unassigned
Bionic	Fix Released	Undecided	Unassigned

Ubuntu
linux package

kernel NULL pointer dereference when plugging/unpluggin USB-c (power or hub)

Bug Description

CVE References

Other bug subscribers

Related questions

Bug attachments

Remote bug watches

Ubuntulinux package

kernel NULL pointer dereference when plugging/unpluggin USB-c (power or hub)

Bug Description

CVE References

Other bug subscribers

Related questions

Bug attachments

Remote bug watches

Ubuntu
linux package